ReportizFlow
Filtered by vendor
Subscriptions
Total
45117 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-38322 | 1 Twitter Friends Widget Project | 1 Twitter Friends Widget | 2025-05-05 | 6.1 Medium |
| The Twitter Friends Widget WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the pmc_TF_user and pmc_TF_password parameter found in the ~/twitter-friends-widget.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.1. | ||||
| CVE-2021-38325 | 1 User-activation-email Project | 1 User-activation-email | 2025-05-05 | 6.1 Medium |
| The User Activation Email WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the uae-key parameter found in the ~/user-activation-email.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.0. | ||||
| CVE-2021-38323 | 1 30lines | 1 Rentpress | 2025-05-05 | 6.1 Medium |
| The RentPress WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selections parameter found in the ~/src/rentPress/AjaxRequests.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.6.4. | ||||
| CVE-2021-36206 | 1 Johnsoncontrols | 1 Cevas | 2025-05-05 | 10 Critical |
| All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries. | ||||
| CVE-2022-42753 | 1 Salonerp Project | 1 Salonerp | 2025-05-05 | 6.1 Medium |
| SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks. | ||||
| CVE-2022-42750 | 1 Auieo | 1 Candidats | 2025-05-05 | 8.8 High |
| CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user. | ||||
| CVE-2022-42749 | 1 Auieo | 1 Candidats | 2025-05-05 | 6.1 Medium |
| CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. | ||||
| CVE-2022-42748 | 1 Auieo | 1 Candidats | 2025-05-05 | 6.1 Medium |
| CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. | ||||
| CVE-2022-42747 | 1 Auieo | 1 Candidats | 2025-05-05 | 6.1 Medium |
| CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. | ||||
| CVE-2022-42746 | 1 Auieo | 1 Candidats | 2025-05-05 | 6.1 Medium |
| CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. | ||||
| CVE-2022-41435 | 1 Openwrt | 1 Luci | 2025-05-05 | 5.4 Medium |
| OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments. | ||||
| CVE-2022-30615 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-05-05 | 5.4 Medium |
| "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592. | ||||
| CVE-2024-50053 | 1 Zohocorp | 3 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcentre Plus | 2025-05-05 | 6.3 Medium |
| Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature. | ||||
| CVE-2022-43372 | 1 Emlog | 1 Emlog | 2025-05-05 | 4.8 Medium |
| Emlog Pro v1.7.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /admin/store.php. | ||||
| CVE-2024-21395 | 1 Microsoft | 1 Dynamics 365 | 2025-05-03 | 8.2 High |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2024-21328 | 1 Microsoft | 1 Dynamics 365 | 2025-05-03 | 7.6 High |
| Dynamics 365 Sales Spoofing Vulnerability | ||||
| CVE-2024-20679 | 1 Microsoft | 1 Azure Stack Hub | 2025-05-03 | 6.5 Medium |
| Azure Stack Hub Spoofing Vulnerability | ||||
| CVE-2024-21394 | 1 Microsoft | 1 Dynamics 365 | 2025-05-03 | 7.6 High |
| Dynamics 365 Field Service Spoofing Vulnerability | ||||
| CVE-2024-21393 | 1 Microsoft | 1 Dynamics 365 | 2025-05-03 | 7.6 High |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2024-21389 | 1 Microsoft | 1 Dynamics 365 | 2025-05-03 | 7.6 High |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||