Nguyen-Trung-Kien/CVE

GitHub

github.com

Releases0

Stars1

CVE Update

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-24589 ↗	Feb 15, 2022Tuesday, 15 February 2022, 19:15	6.1 MEDIUM	4.3 MEDIUM
Burden v3.0 was discovered to contain a stored cross-site scripting (XSS) in the Add Category function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the task parameter.
CVE-2022-24226 ↗	Feb 15, 2022Tuesday, 15 February 2022, 16:15	7.5 HIGH	5 MEDIUM
Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php.
CVE-2022-24585 ↗	Feb 15, 2022Tuesday, 15 February 2022, 16:15	5.4 MEDIUM	3.5 LOW
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter.
CVE-2022-24587 ↗	Feb 15, 2022Tuesday, 15 February 2022, 16:15	5.4 MEDIUM	3.5 LOW
A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-24588 ↗	Feb 15, 2022Tuesday, 15 February 2022, 16:15	5.4 MEDIUM	3.5 LOW
Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function.
CVE-2022-24590 ↗	Feb 15, 2022Tuesday, 15 February 2022, 16:15	5.4 MEDIUM	3.5 LOW
A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-24227 ↗	Feb 15, 2022Tuesday, 15 February 2022, 15:15	6.1 MEDIUM	4.3 MEDIUM
A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v 8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters.
CVE-2022-24586 ↗	Feb 15, 2022Tuesday, 15 February 2022, 14:15	5.4 MEDIUM	3.5 LOW
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters.
CVE-2021-46253 ↗	Feb 1, 2022Tuesday, 1 February 2022, 13:15	5.4 MEDIUM	3.5 LOW
A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML.
CVE-2021-46459 ↗	Jan 31, 2022Monday, 31 January 2022, 19:15	7.5 HIGH	5 MEDIUM
Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited through a crafted POST request via the user_name, user_firstname,user_lastname, or user_email parameters.
CVE-2021-46458 ↗	Jan 31, 2022Monday, 31 January 2022, 16:15	7.5 HIGH	5 MEDIUM
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add_post. This vulnerability can be exploited through a crafted POST request via the post_title parameter.