CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2022 (Cross Site Scripting (XSS))

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-46391 XSS 2022-12-04 2022-12-04
0.0
None ??? ??? ??? ??? ??? ???
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.
2 CVE-2022-46148 79 XSS 2022-11-29 2022-12-01
0.0
None ??? ??? ??? ??? ??? ???
Discourse is an open-source messaging platform. In versions 2.8.10 and prior on the `stable` branch and versions 2.9.0.beta11 and prior on the `beta` and `tests-passed` branches, users composing malicious messages and navigating to drafts page could self-XSS. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.
3 CVE-2022-46147 79 XSS 2022-11-28 2022-12-01
0.0
None ??? ??? ??? ??? ??? ???
Drag and Drop XBlock v2 implements a drag-and-drop style problem, where a learner has to drag items to zones on a target image. Versions prior to 3.0.0 are vulnerable to cross-site scripting in multiple XBlock Fields. Any platform that has deployed the XBlock may be impacted. Version 3.0.0 contains a patch for this issue. There are no known workarounds.
4 CVE-2022-45472 79 XSS 2022-11-23 2022-11-26
0.0
None ??? ??? ??? ??? ??? ???
CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to ontouchmove and onpointerup.
5 CVE-2022-45470 20 XSS 2022-11-21 2022-11-23
0.0
None ??? ??? ??? ??? ??? ???
** UNSUPPORTED WHEN ASSIGNED ** missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.
6 CVE-2022-45401 79 XSS 2022-11-15 2022-11-18
0.0
None ??? ??? ??? ??? ??? ???
Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
7 CVE-2022-45387 79 XSS 2022-11-15 2022-11-17
0.0
None ??? ??? ??? ??? ??? ???
Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability.
8 CVE-2022-45382 79 XSS 2022-11-15 2022-11-18
0.0
None ??? ??? ??? ??? ??? ???
Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display names.
9 CVE-2022-45380 79 XSS 2022-11-15 2022-11-18
0.0
None ??? ??? ??? ??? ??? ???
Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
10 CVE-2022-45375 79 XSS 2022-11-17 2022-11-18
0.0
None ??? ??? ??? ??? ??? ???
Auth. Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slider plugin <= 1.2 on WordPress.
11 CVE-2022-45363 79 XSS 2022-11-22 2022-11-28
0.0
None ??? ??? ??? ??? ??? ???
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup Betheme theme <= 26.6.1 on WordPress.
12 CVE-2022-45280 79 XSS 2022-11-23 2022-11-28
0.0
None ??? ??? ??? ??? ??? ???
A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
13 CVE-2022-45225 79 XSS 2022-11-25 2022-12-01
0.0
None ??? ??? ??? ??? ??? ???
Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter.
14 CVE-2022-45224 79 XSS 2022-11-28 2022-11-30
0.0
None ??? ??? ??? ??? ??? ???
Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in Admin/add-admin.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter.
15 CVE-2022-45223 79 XSS 2022-11-28 2022-11-30
0.0
None ??? ??? ??? ??? ??? ???
Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /Admin/add-student.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter.
16 CVE-2022-45221 79 XSS 2022-11-28 2022-11-30
0.0
None ??? ??? ??? ??? ??? ???
Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in changepassword.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtnew_password parameter.
17 CVE-2022-45218 79 XSS 2022-11-25 2022-11-29
0.0
None ??? ??? ??? ??? ??? ???
Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability is triggered via a crafted payload injected into an authentication error message.
18 CVE-2022-45215 XSS 2022-12-02 2022-12-02
0.0
None ??? ??? ??? ??? ??? ???
A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module.
19 CVE-2022-45214 79 XSS 2022-11-28 2022-11-30
0.0
None ??? ??? ??? ??? ??? ???
A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at /php-sms/classes/Login.php.
20 CVE-2022-45151 79 Exec Code XSS 2022-11-23 2022-11-26
0.0
None ??? ??? ??? ??? ??? ???
A stored XSS vulnerability was discovered in Moodle, which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in a user's browser in the context of the vulnerable website.
21 CVE-2022-45150 79 Exec Code XSS 2022-11-23 2022-11-26
0.0
None ??? ??? ??? ??? ??? ???
A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in the policy tool. An attacker can trick the victim into opening a specially crafted link that executes arbitrary HTML and script code in the user's browser in the context of the vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access to potentially sensitive information and to modify web pages.
22 CVE-2022-45082 79 XSS 2022-11-18 2022-11-23
0.0
None ??? ??? ??? ??? ??? ???
Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilities in Accordions plugin <= 2.0.3 on WordPress via &addons-style-name and &accordions_or_faqs_license_key.
23 CVE-2022-45050 79 Exec Code XSS 2022-12-01 2022-12-02
0.0
None ??? ??? ??? ??? ??? ???
A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The title parameter on the twitter.php endpoint does not properly neutralise user input, resulting in the vulnerability.
24 CVE-2022-45040 79 XSS 2022-11-25 2022-11-28
0.0
None ??? ??? ??? ??? ??? ???
A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field.
25 CVE-2022-45038 79 XSS 2022-11-25 2022-11-28
0.0
None ??? ??? ??? ??? ??? ???
A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.
26 CVE-2022-45037 79 XSS 2022-11-25 2022-11-28
0.0
None ??? ??? ??? ??? ??? ???
A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.
27 CVE-2022-45036 79 XSS 2022-11-25 2022-11-28
0.0
None ??? ??? ??? ??? ??? ???
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field.
28 CVE-2022-45017 79 XSS 2022-11-21 2022-11-21
0.0
None ??? ??? ??? ??? ??? ???
A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field.
29 CVE-2022-45016 79 XSS 2022-11-21 2022-11-21
0.0
None ??? ??? ??? ??? ??? ???
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field.
30 CVE-2022-45015 79 XSS 2022-11-21 2022-11-21
0.0
None ??? ??? ??? ??? ??? ???
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field.
31 CVE-2022-45014 79 XSS 2022-11-21 2022-11-21
0.0
None ??? ??? ??? ??? ??? ???
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field.
32 CVE-2022-45013 79 XSS 2022-11-21 2022-11-21
0.0
None ??? ??? ??? ??? ??? ???
A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field.
33 CVE-2022-45012 79 XSS 2022-11-21 2022-11-21
0.0
None ??? ??? ??? ??? ??? ???
A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field.
34 CVE-2022-44962 XSS 2022-12-02 2022-12-02
0.0
None ??? ??? ??? ??? ??? ???
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject field.
35 CVE-2022-44961 XSS 2022-12-02 2022-12-02
0.0
None ??? ??? ??? ??? ??? ???
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
36 CVE-2022-44960 XSS 2022-12-02 2022-12-02
0.0
None ??? ??? ??? ??? ??? ???
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field.
37 CVE-2022-44959 XSS 2022-12-02 2022-12-02
0.0
None ??? ??? ??? ??? ??? ???
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
38 CVE-2022-44957 XSS 2022-12-02 2022-12-02
0.0
None ??? ??? ??? ??? ??? ???
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
39 CVE-2022-44956 XSS 2022-12-02 2022-12-02
0.0
None ??? ??? ??? ??? ??? ???
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
40 CVE-2022-44955 XSS 2022-12-02 2022-12-02
0.0
None ??? ??? ??? ??? ??? ???
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field.
41 CVE-2022-44954 XSS 2022-12-02 2022-12-02
0.0
None ??? ??? ??? ??? ??? ???
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name field after clicking "Add".
42 CVE-2022-44953 XSS 2022-12-02 2022-12-02
0.0
None ??? ??? ??? ??? ??? ???
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add".
43 CVE-2022-44952 XSS 2022-12-02 2022-12-02
0.0
None ??? ??? ??? ??? ??? ???
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking "Add".
44 CVE-2022-44951 XSS 2022-12-02 2022-12-02
0.0
None ??? ??? ??? ??? ??? ???
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
45 CVE-2022-44950 XSS 2022-12-02 2022-12-02
0.0
None ??? ??? ??? ??? ??? ???
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
46 CVE-2022-44949 XSS 2022-12-02 2022-12-02
0.0
None ??? ??? ??? ??? ??? ???
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field.
47 CVE-2022-44948 XSS 2022-12-02 2022-12-02
0.0
None ??? ??? ??? ??? ??? ???
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at /index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add".
48 CVE-2022-44947 XSS 2022-12-02 2022-12-02
0.0
None ??? ??? ??? ??? ??? ???
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking "Add".
49 CVE-2022-44946 XSS 2022-12-02 2022-12-02
0.0
None ??? ??? ??? ??? ??? ???
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.
50 CVE-2022-44944 XSS 2022-12-02 2022-12-02
0.0
None ??? ??? ??? ??? ??? ???
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.
Total number of vulnerabilities: 3033. Page 1 (this page) of 61.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.