Vulnerabilities (CVE)

Filtered by CWE-79
Total 19821 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-3355 1 Inventree Project 1 Inventree 2022-09-30 N/A 5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.8.3.
CVE-2020-5340 1 Emc 1 Rsa Authentication Manager 2022-09-30 3.5 LOW 4.8 MEDIUM
RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators attempt to change the default security domain mapping, the injected scripts could potentially be executed in their browser.
CVE-2020-5346 1 Emc 1 Rsa Authentication Manager 2022-09-30 3.5 LOW 4.8 MEDIUM
RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected page, the injected scripts could potentially be executed in their browser.
CVE-2020-5339 1 Emc 1 Rsa Authentication Manager 2022-09-30 3.5 LOW 4.8 MEDIUM
RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected report page, the injected scripts could potentially be executed in their browser.
CVE-2021-45843 1 Glfusion 1 Glfusion 2022-09-30 N/A 6.1 MEDIUM
glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (XSS) vulnerability. The value of the title request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. This input was echoed unmodified in the application's response.
CVE-2021-36568 2 Fedoraproject, Moodle 2 Fedora, Moodle 2022-09-30 N/A 5.4 MEDIUM
In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7.
CVE-2022-40626 2 Fedoraproject, Zabbix 2 Fedora, Zabbix 2022-09-30 N/A 6.1 MEDIUM
An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.
CVE-2022-1719 1 Trudesk Project 1 Trudesk 2022-09-30 N/A 5.4 MEDIUM
Reflected XSS on ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability is capable of executing a malicious javascript code in web page
CVE-2022-40912 1 Etaplighting 1 Etap Safety Manager 2022-09-30 N/A 6.1 MEDIUM
ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (XSS). Input passed to the GET parameter 'action' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.
CVE-2021-36830 2022-09-30 N/A N/A
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Comment Guestbook plugin <= 0.8.0 at WordPress.
CVE-2021-36839 2022-09-30 N/A N/A
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Follow Buttons Bar plugin <= 4.73 at WordPress.
CVE-2021-36855 2022-09-30 N/A N/A
Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin <= 1.1.4 at WordPress.
CVE-2021-42046 1 Mediawiki 1 Mediawiki 2022-09-30 N/A 6.1 MEDIUM
An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and JavaScript.
CVE-2021-42048 1 Mediawiki 1 Mediawiki 2022-09-30 N/A 4.8 MEDIUM
An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits.
CVE-2021-42047 1 Mediawiki 1 Mediawiki 2022-09-30 N/A 5.4 MEDIUM
An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload (such as alert) via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback.
CVE-2022-30578 1 Tibco 1 Ebx Add-ons 2022-09-30 N/A 9.0 CRITICAL
The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.4.1 and below.
CVE-2022-23872 1 Emlog 1 Emlog 2022-09-30 3.5 LOW 4.8 MEDIUM
Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footer_info.
CVE-2020-36056 1 Beetel 2 777vr1, 777vr1 Firmware 2022-09-30 3.5 LOW 5.4 MEDIUM
Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.09_55 was discovered to contain a cross-site scripting (XSS) vulnerability via the Ping diagnostic option.
CVE-2022-23321 1 Xerox 1 Xmpie Ustore 2022-09-30 3.5 LOW 4.8 MEDIUM
A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0.
CVE-2022-37028 1 Iris 1 Isams 2022-09-30 N/A 5.4 MEDIUM
ISAMS 22.2.3.2 is prone to stored Cross-site Scripting (XSS) attack on the title field for groups, allowing an attacker to store a JavaScript payload that will be executed when another user uses the application.