Halo-1.5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via adminindex.html#/system/tools.
CWE-79
CVE-2022-28077
Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET[‘s’] parameter.
CVE-2022-28078
Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET[‘page’] parameter.
CVE-2022-28081
A reflected cross-site scripting (XSS) vulnerability in the component Query.php of arPHP v3.6.0 allows attackers to execute arbitrary web scripts.
CVE-2022-28094
SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the fid parameter at booking.php.
CVE-2022-28101
Turtlapp Turtle Note v0.7.2.6 does not filter the tag during markdown parsing, allowing attackers to execute HTML injection.