CVE-2022-31358

A reflected cross-site scripting XSS vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/...

CVE-2022-4207

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several values that can be added to an Image Hover in versions 9.8.1 to 9.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to...

Cross site scripting

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several values that can be added to an Image Hover in versions 9.8.1 to 9.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to...

CVE-2022-4207

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several values that can be added to an Image Hover in versions 9.8.1 to 9.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to...

CVE-2022-45028

A cross-site scripting XSS vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha...

CVE-2022-46058

AeroCMS v0.0.1 was discovered to contain a cross-site scripting XSS vulnerability via addpost.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field...

Cross site scripting

AeroCMS v0.0.1 was discovered to contain a cross-site scripting XSS vulnerability via addpost.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field...

CVE-2022-46058

CVE-2022-46058 affects AeroCMS v0.0.1, with a cross-site scripting (XSS) vulnerability exploitable via add_post.php. The issue allows an attacker to inject a crafted payload into the Comments text field to execute arbitrary web scripts or HTML. This is documented across multiple sources (NVD, RH ...

Cross site scripting

A cross-site scripting XSS vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module...

Cross site scripting

Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting XSS vulnerability in the component /leavesystem/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted payload injected into the Name...

CVE-2022-45008

Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting XSS vulnerability in the component /leavesystem/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted payload injected into the Name...

CVE-2022-45217

A cross-site scripting XSS vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module...

CVE-2022-45769

A cross-site scripting XSS vulnerability in ClicShoppingV3 v3.402 allows attackers to execute arbitrary web scripts or HTML via a crafted URL parameter...

CVE-2022-45990

A cross-site scripting XSS vulnerability in the component /signupscript.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter...

Cross site scripting

A cross-site scripting XSS vulnerability in ClicShoppingV3 v3.402 allows attackers to execute arbitrary web scripts or HTML via a crafted URL parameter...

Cross site scripting

A cross-site scripting XSS vulnerability in the component /signupscript.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter...

CVE-2022-4209

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pointsf' parameter on the 'chainedquizlist' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

Cross site scripting

The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apikey' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to...

Cross site scripting

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'date' parameter on the 'chainedquizlist' page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

Cross site scripting

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'datef' parameter on the 'chainedquizlist' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...