Vulnerabilities (CVE)

Filtered by CWE-79
Total 19398 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-5970 1 Sukimalab 1 Attendance Manager 2022-07-29 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2022-34963 1 Openteknik 1 Open Source Social Network 2022-07-29 N/A 5.4 MEDIUM
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module.
CVE-2022-2072 1 Name Directory Project 1 Name Directory 2022-07-29 N/A 6.1 MEDIUM
The Name Directory WordPress plugin before 1.25.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS as well
CVE-2022-20615 2 Jenkins, Oracle 2 Matrix Project, Communications Cloud Native Core Automated Test Suite 2022-07-29 3.5 LOW 5.4 MEDIUM
Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.
CVE-2021-24333 1 Content Copy Protection \& Prevent Image Save Project 1 Content Copy Protection \& Prevent Image Save 2022-07-29 4.3 MEDIUM 6.5 MEDIUM
The Content Copy Protection & Prevent Image Save WordPress plugin through 1.3 does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing attackers to make a logged in administrator set arbitrary XSS payloads in them.
CVE-2022-34961 1 Openteknik 1 Open Source Social Network 2022-07-29 N/A 5.4 MEDIUM
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Users Timeline module.
CVE-2021-24328 1 Clogica 1 Wp Login Security And History 2022-07-29 3.5 LOW 6.2 MEDIUM
The WP Login Security and History WordPress plugin through 1.0 did not have CSRF check when saving its settings, not any sanitisation or validation on them. This could allow attackers to make logged in administrators change the plugin's settings to arbitrary values, and set XSS payloads on them as well
CVE-2022-2115 1 Essentialplugin 1 Popup Anything 2022-07-29 N/A 6.1 MEDIUM
The Popup Anything WordPress plugin before 2.1.7 does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting
CVE-2022-2219 1 Brizy 1 Unyson 2022-07-29 N/A 7.2 HIGH
The Unyson WordPress plugin before 2.7.27 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
CVE-2022-2189 1 Tipsandtricks-hq 1 Wp Video Lightbox 2022-07-29 N/A 6.1 MEDIUM
The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
CVE-2022-20916 1 Cisco 1 Iot Control Center 2022-07-29 N/A 6.1 MEDIUM
A vulnerability in the web-based management interface of Cisco IoT Control Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
CVE-2022-2239 1 Emarketdesign 1 Request A Quote 2022-07-29 N/A 4.8 MEDIUM
The Request a Quote WordPress plugin through 2.3.7 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-2299 1 Allow Svg Files Project 1 Allow Svg Files 2022-07-29 N/A 5.4 MEDIUM
The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads
CVE-2022-2340 1 W-dalil Project 1 W-dalil 2022-07-29 N/A 4.8 MEDIUM
The W-DALIL WordPress plugin through 2.0 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2022-35651 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2022-07-29 N/A 6.1 MEDIUM
A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks.
CVE-2022-2341 1 Simple Page Transition Project 1 Simple Page Transition 2022-07-29 N/A 4.8 MEDIUM
The Simple Page Transition WordPress plugin through 1.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2020-13564 2 Open-emr, Phpgacl Project 2 Openemr, Phpgacl 2022-07-29 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template acl_id parameter.
CVE-2020-13563 2 Open-emr, Phpgacl Project 2 Openemr, Phpgacl 2022-07-29 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template group_id parameter.
CVE-2021-24683 1 Awplife 1 Weather Effect 2022-07-29 4.3 MEDIUM 5.4 MEDIUM
The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue.
CVE-2021-24543 1 Jquery-reply-to-comment Project 1 Jquery-reply-to-comment 2022-07-29 4.3 MEDIUM 6.1 MEDIUM
The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue.