| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. |
| SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data. |
| Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the U_NAME parameter at /category/controller.php?action=edit. |
| Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the CATEGORY parameter at /category/controller.php?action=edit. |
| kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. |
| Renato v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability. |
| A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node. |
| Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles. |
| PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. |
| Clinic's Patient Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via update_medicine_details.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Packing text box under the Update Medical Details module. |
| Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code password for root in /etc/shadow.sample. |
| Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the first_name and last_name parameters. |
| Inout Blockchain AltExchanger v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/js. |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ip_address/:port/ossn/home. |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the SitePages module. |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module. |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module. |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Users Timeline module. |
| An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text(). |
| An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to gain access to the system with the highest authority possible and gain full control over the FileWave platform. |
