Search Results
- Keyword (text search): xss
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-0964 | Stored XSS via .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4. Published: March 15, 2022; 12:15:08 PM -0400 | V4.0: (not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2022-0963 | Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12. Published: March 15, 2022; 12:15:07 PM -0400 | V4.0: (not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2022-0942 | Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4. Published: March 15, 2022; 10:15:07 AM -0400 | V4.0: (not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2022-0957 | Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4. Published: March 15, 2022; 9:15:08 AM -0400 | V4.0: (not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2022-0956 | Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4. Published: March 15, 2022; 9:15:07 AM -0400 | V4.0: (not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2022-0951 | File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4. Published: March 15, 2022; 5:15:08 AM -0400 | V4.0: (not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2022-0945 | Stored XSS via axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4. Published: March 15, 2022; 12:15:08 AM -0400 | V4.0: (not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2022-24749 | Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting (XSS) code in the admin panel. In order to perform an XSS attack, the file itself has to be opened in a new card or loaded outside of the IMG tag. The problem applies both to the files opened on the admin panel and shop pages. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. As a workaround, require a library that adds on-upload file sanitization and overwrite the service before writing the file to the filesystem. The GitHub Security Advisory contains more specific information about the workaround. Published: March 14, 2022; 6:15:07 PM -0400 | V4.0: (not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2022-0962 | Stored XSS via .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4. Published: March 14, 2022; 12:15:07 PM -0400 | V4.0: (not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2022-0960 | Stored XSS via .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4. Published: March 14, 2022; 11:15:10 AM -0400 | V4.0: (not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2021-41952 | Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to *.SVG. An attacker can send malicious files to victims and steal the victim's cookie, leading to account takeover. The person viewing the image of a contact can be a victim of XSS. Published: March 14, 2022; 11:15:09 AM -0400 | V4.0: (not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2022-0946 | Stored XSS via cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4. Published: March 14, 2022; 10:15:07 AM -0400 | V4.0: (not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2022-24386 | Stored XSS in SmarterTools SmarterTrack. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. Published: March 14, 2022; 9:15:07 AM -0400 | V4.0: (not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2022-0941 | Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. Published: March 14, 2022; 9:15:07 AM -0400 | V4.0: (not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2022-0940 | Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. Published: March 14, 2022; 7:15:08 AM -0400 | V4.0: (not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2022-0938 | Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4. Published: March 14, 2022; 4:15:07 AM -0400 | V4.0: (not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2022-0937 | Stored XSS in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4. Published: March 13, 2022; 11:15:08 PM -0400 | V4.0: (not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2021-46709 | phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows parameter (aka num or number). Published: March 13, 2022; 3:15:08 PM -0400 | V4.0: (not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-45889 | An issue was discovered in PONTON X/P Messenger before 3.11.2. Several functions are vulnerable to reflected XSS, as demonstrated by private/index.jsp?partners/ShowNonLocalPartners.do?localID= or private/index.jsp or private/index.jsp?database/databaseTab.jsp or private/index.jsp?activation/activationMainTab.jsp or private/index.jsp?communication/serverTab.jsp or private/index.jsp?emailNotification/notificationTab.jsp. Published: March 12, 2022; 9:15:07 PM -0500 | V4.0: (not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2021-45888 | An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role Configuration Administrator or Administrator. Published: March 12, 2022; 9:15:07 PM -0500 | V4.0: (not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |