IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236688.
CWE-79
CVE-2022-40778
A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response.
CVE-2022-4067
Cross-site Scripting (XSS) – Stored in GitHub repository librenms/librenms prior to 22.10.0.
CVE-2022-40672
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CPO Shortcodes plugin <= 1.5.0 at WordPress.
CVE-2022-4068
A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This allows an XSS attack in which an attacker with a low-privilege user account can execute arbitrary JavaScript in the context of an admin’s account.
CVE-2022-40680
An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiOS 6.0.7 – 6.0.15, 6.2.2 – 6.2.12, 6.4.0 – 6.4.9 and 7.0.0 – 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing malicious payloads in replacement messages.