Vulnerabilities (CVE)

Filtered by CWE-79
Total 18948 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-40910 1 Phpcms 1 Phpcms 2022-06-23 4.3 MEDIUM 6.1 MEDIUM
There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management side.
CVE-2022-29485 1 Ss-proj 1 Shirasagi 2022-06-23 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVE-2022-32286 1 Mendix 1 Saml 2022-06-23 4.3 MEDIUM 6.1 MEDIUM
A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). In certain configurations SAML module is vulnerable to Cross Site Scripting (XSS) attacks due to insufficient error message sanitation. This could allow an attacker to execute malicious code by tricking users into accessing a malicious link.
CVE-2022-29438 1 Nextcode 1 Image Slider By Nextcode 2022-06-23 3.5 LOW 4.8 MEDIUM
Authenticated (author or higher user role) Persistent Cross-Site Scripting (XSS) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress.
CVE-2022-31048 1 Typo3 1 Typo3 2022-06-23 3.5 LOW 5.4 MEDIUM
TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. TYPO3 versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.
CVE-2022-31049 1 Typo3 1 Typo3 2022-06-23 3.5 LOW 5.4 MEDIUM
TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.
CVE-2022-29034 1 Siemens 1 Sinema Remote Connect Server 2022-06-23 4.3 MEDIUM 6.1 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks.
CVE-2022-2079 1 Xgenecloud 1 Nocodb 2022-06-22 3.5 LOW 5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7+.
CVE-2022-31403 1 Combodo 1 Itop 2022-06-22 4.3 MEDIUM 6.1 MEDIUM
ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php.
CVE-2022-1756 1 Thenewsletterplugin 1 Newsletter 2022-06-22 4.3 MEDIUM 6.1 MEDIUM
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below.
CVE-2021-40678 1 Piwigo 1 Piwigo 2022-06-22 3.5 LOW 5.4 MEDIUM
In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batch_manager&mode=unit.
CVE-2022-32145 1 Siemens 1 Teamcenter Active Workspace 2022-06-22 4.3 MEDIUM 6.1 MEDIUM
A vulnerability has been identified in Teamcenter Active Workspace V5.2 (All versions < V5.2.9), Teamcenter Active Workspace V6.0 (All versions < V6.0.3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious code by tricking users into accessing a malicious link.
CVE-2022-2066 1 Facturascripts 1 Facturascripts 2022-06-22 4.3 MEDIUM 6.1 MEDIUM
Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.06.
CVE-2022-2065 1 Facturascripts 1 Facturascripts 2022-06-22 3.5 LOW 5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06.
CVE-2022-1985 1 Wpdownloadmanager 1 Wordpress Download Manager 2022-06-22 4.3 MEDIUM 6.1 MEDIUM
The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the 'frameid' parameter found in the ~/src/Package/views/shortcode-iframe.php file.
CVE-2022-2174 2022-06-22 N/A N/A
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.
CVE-2022-23056 2022-06-22 N/A 5.4 MEDIUM
In ERPNext, versions v13.0.0-beta.13 through v13.30.0 are vulnerable to Stored XSS at the Patient History page which allows a low privilege user to conduct an account takeover attack.
CVE-2022-23077 2022-06-22 N/A 6.1 MEDIUM
In habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM XSS via the login page.
CVE-2022-23057 2022-06-22 N/A 5.4 MEDIUM
In ERPNext, versions v12.0.9--v13.0.3 are vulnerable to Stored Cross-Site-Scripting (XSS), due to user input not being validated properly. A low privileged attacker could inject arbitrary code into input fields when editing his profile.
CVE-2022-23058 2022-06-22 N/A 5.4 MEDIUM
ERPNext in versions v12.0.9-v13.0.3 are affected by a stored XSS vulnerability that allows low privileged users to store malicious scripts in the ‘username’ field in ‘my settings’ which can lead to full account takeover.