CVE-2022-24587

Removed by vendor...

CVE-2022-24227

A cross-site scripting XSS vulnerability in BoltWire v7.10 and v 8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters...

Cross site scripting

A cross-site scripting XSS vulnerability in BoltWire v7.10 and v 8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters...

CVE-2022-24585

A stored cross-site scripting XSS vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter...

CVE-2022-24586

A stored cross-site scripting XSS vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters...

CVE-2022-24586

CVE-2022-24586: A stored XSS in PluXml v5.8.7 affecting /core/admin/categories.php, where crafted payloads in content and thumbnail parameters enable execution of arbitrary scripts/HTML. Exploit details and impact are described across multiple sources referencing the same vector; the exact remedi...

CVE-2022-24586

A stored cross-site scripting XSS vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters...

CVE-2021-46558

Multiple cross-site scripting XSS vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields...

CVE-2021-46558

Multiple cross-site scripting XSS vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields...

CVE-2022-24227

A cross-site scripting XSS vulnerability in BoltWire v7.10 and v 8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters...

Cross site scripting

A cross-site scripting XSS vulnerability in Pybbs v6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Search box...

Vulnerabilities fixed in DiskStation Manager (DSM)

Vulnerabilities have been fixed in DiskStation Manager. The vulnerabilities allow a remote malicious person to inject arbitrary web script or HTML. Synology has released updates to fix the vulnerabilities in DSM. For more information, see: https://www.synology.com/en-global/security/advisory...

CVE-2022-0381

The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping/sanitization and validation via the url parameter found in the /swagger-iframe.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and...

Cross site scripting

The Fotobook WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping and the use of $SERVER'PHPSELF' found in the /options-fotobook.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and including 3.2.3...

Cross site scripting

The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping/sanitization and validation via the url parameter found in the /swagger-iframe.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and...

CVE-2022-0380 Fotobook <= 3.2.3 Reflected Cross-Site Scripting

The Fotobook WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping and the use of $SERVER'PHPSELF' found in the /options-fotobook.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and including 3.2.3...

CVE-2022-23871

Multiple cross-site scripting XSS vulnerabilities in the component outcomesaddProcess.php of Gibbon CMS v22.0.01 allow attackers to execute arbitrary web scripts or HTML via a crafted payload insterted into the name, category, description parameters...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the component outcomesaddProcess.php of Gibbon CMS v22.0.01 allow attackers to execute arbitrary web scripts or HTML via a crafted payload insterted into the name, category, description parameters...

CVE-2022-23871

Multiple cross-site scripting XSS vulnerabilities in the component outcomesaddProcess.php of Gibbon CMS v22.0.01 allow attackers to execute arbitrary web scripts or HTML via a crafted payload insterted into the name, category, description parameters...