Security Vulnerabilities, CVEs, Published In February 2022 (XSS)
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2022-02-28 | Updated: 2022-03-08
Tricentis qTest before 10.4 allows stored XSS by an authenticated attacker.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2022-02-26 | Updated: 2022-03-07
Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote code execution.
Max CVSS: 6.1 | EPSS Score: 0.30% | Published: 2022-02-28 | Updated: 2022-03-08
Maxsite CMS v108 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_tags at /admin/page_edit/3.
Max CVSS: 5.4 | EPSS Score: 0.06% | Published: 2022-02-28 | Updated: 2022-03-08
Maxsite CMS v180 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_file_description at /admin/files.
Max CVSS: 5.4 | EPSS Score: 0.06% | Published: 2022-02-28 | Updated: 2022-03-08
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php.
Max CVSS: 5.4 | EPSS Score: 0.06% | Published: 2022-02-28 | Updated: 2022-03-08
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php.
Max CVSS: 5.4 | EPSS Score: 0.06% | Published: 2022-02-28 | Updated: 2022-03-08
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php.
Max CVSS: 5.4 | EPSS Score: 0.06% | Published: 2022-02-28 | Updated: 2022-03-08
ZEROF Web Server 2.0 allows /admin.back XSS.
Max CVSS: 6.1 | EPSS Score: 0.12% | Published: 2022-02-18 | Updated: 2022-02-24
An issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component.
Max CVSS: 6.1 | EPSS Score: 0.09% | Published: 2022-02-18 | Updated: 2023-12-21
An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2022-02-18 | Updated: 2023-09-28
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php file, which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a site's statistics, in versions up to and including 13.1.5.
Max CVSS: 7.2 | EPSS Score: 0.16% | Published: 2022-02-24 | Updated: 2022-03-03
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php file, which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a site's statistics, in versions up to and including 13.1.5.
Max CVSS: 7.2 | EPSS Score: 0.16% | Published: 2022-02-24 | Updated: 2022-03-03
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the ~/includes/class-wp-statistics-ip.php file, which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a site's statistics, in versions up to and including 13.1.5.
Max CVSS: 7.2 | EPSS Score: 0.16% | Published: 2022-02-24 | Updated: 2022-03-03
JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2022-02-25 | Updated: 2022-03-08
JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2022-02-25 | Updated: 2022-03-04
SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backurl_list. The first one affects the content of the button placed in the top left. The second affects the page to which the user is directed after pressing the button, e.g., a malicious web page. In addition, the second parameter executes JavaScript, which means XSS is possible by adding a javascript: URL.
Max CVSS: 6.1 | EPSS Score: 0.09% | Published: 2022-02-19 | Updated: 2022-03-04
Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Read permission.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2022-02-15 | Updated: 2023-11-03
Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name of custom promotion levels, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.
Max CVSS: 4.8 | EPSS Score: 0.05% | Published: 2022-02-15 | Updated: 2023-11-03
Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape parameter names of agent server parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2022-02-15 | Updated: 2023-11-03
Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not escape parameter names of custom checkbox parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2022-02-15 | Updated: 2023-11-30
Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2022-02-15 | Updated: 2023-10-25
Home Owners Collection Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the collected_by parameter under the List of Collections module.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2022-02-28 | Updated: 2022-03-08
A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows attackers to steal cookies via a crafted payload inserted into the First Name field.
Max CVSS: 5.4 | EPSS Score: 0.06% | Published: 2022-02-28 | Updated: 2022-03-09
Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "m" parameter in the Dashboard of the current user. This vulnerability allows attackers to compromise session credentials via user interaction with a crafted link.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2022-02-28 | Updated: 2022-03-09