Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2022-12-01 CVE-2022-3709 Cross-site Scripting vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0
A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall older than version 19.5 GA.
network
low complexity
sophos CWE-79
8.4
2022-12-01 CVE-2022-45050 Cross-site Scripting vulnerability in Axiell Iguana
A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser.
network
low complexity
axiell CWE-79
6.1
2022-12-01 CVE-2022-4249 Cross-site Scripting vulnerability in Movie Ticket Booking System Project Movie Ticket Booking System
A vulnerability, which was classified as problematic, was found in Movie Ticket Booking System.
6.1
2022-12-01 CVE-2022-40849 Cross-site Scripting vulnerability in Thinkcmf 6.0.7
ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS).
network
low complexity
thinkcmf CWE-79
5.4
2022-11-30 CVE-2021-31740 Cross-site Scripting vulnerability in Seppmail
In SEPPMail's web frontend, user input is not embedded correctly in the web page and therefore leads to cross-site scripting vulnerabilities (XSS).
network
low complexity
seppmail CWE-79
6.1
2022-11-30 CVE-2022-38801 Cross-site Scripting vulnerability in Zkteco Biotime
In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting.
network
low complexity
zkteco CWE-79
5.4
2022-11-30 CVE-2022-38802 Cross-site Scripting vulnerability in Zkteco Biotime
Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday.
network
low complexity
zkteco CWE-79
6.2
2022-11-30 CVE-2022-38803 Cross-site Scripting vulnerability in Zkteco Biotime
Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log.
network
low complexity
zkteco CWE-79
6.8
2022-11-30 CVE-2022-4233 Cross-site Scripting vulnerability in Event Registration System Project Event Registration System 1.0
A vulnerability has been found in SourceCodester Event Registration System 1.0 and classified as problematic.
network
low complexity
event-registration-system-project CWE-79
6.1
2022-11-29 CVE-2022-3896 Cross-site Scripting vulnerability in WP Affiliate Platform Project WP Affiliate Platform
The WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER["REQUEST_URI"] in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping.
network
low complexity
wp-affiliate-platform-project CWE-79
6.1