In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interfacebillingsl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities.
CWE-79
CVE-2022-29940
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interfaceordersfind_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities.
CVE-2022-29947
Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping.
CVE-2022-29969
The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rss element (if the feed is in $wgRSSUrlWhitelist and $wgRSSAllowLinkTag is true).
CVE-2022-29975
An authenticated reflected cross-site scripting vulnerability in the CC parameter was discovered in MDaemon before 22.0.0.
CVE-2022-29976
An authenticated reflected cross-site scripting vulnerability in the BCC parameter was discovered in MDaemon before 22.0.0.