Code Injection in GitHub repository microweber/microweber prior to 1.3.2.
CWE-79
CVE-2022-32442
u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). When a user accesses the default home page if the parameter passed in is http://127.0.0.1/? “Onmouseover=%27tzgl (96502)%27bad=”, it can cause html injection.
CVE-2022-32308
Cross Site Scripting (XSS) vulnerability in uBlock Origin extension before 1.41.1 allows remote attackers to run arbitrary code via a spoofed ‘MessageSender.url’ to the browser renderer process.
CVE-2022-3231
Cross-site Scripting (XSS) – Stored in GitHub repository librenms/librenms prior to 22.9.0.
CVE-2022-32318
Fast Food Ordering System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the component /ffos/classes/Master.php?f=save_category.
CVE-2022-32247
SAP NetWeaver Enterprise Portal – versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.