Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47509 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML.
|
|||||
| CVE-2022-47449 | 1 Rextheme | 1 Cart Lift - Abandoned Cart Recovery For Woocommerce And Edd | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RexTheme Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD plugin <= 3.1.5 versions.
|
|||||
| CVE-2022-47444 | 1 Properfraction | 1 Profilepress | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin <= 4.5.3 versions.
|
|||||
| CVE-2022-47441 | 1 Wpcharitable | 1 Charitable | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.10 versions.
|
|||||
| CVE-2022-47439 | 1 Rocketapps | 1 Open Graphite | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rocket Apps Open Graphite plugin <= 1.6.0 versions.
|
|||||
| CVE-2022-47438 | 1 Wpdevart | 1 Booking Calendar | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions.
|
|||||
| CVE-2022-47437 | 1 Wsb Brands Project | 1 Wsb Brands | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Branko Borilovic WSB Brands plugin <= 1.1.8 versions.
|
|||||
| CVE-2022-47436 | 1 Mantrabrain | 1 Yatra | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MantraBrain Yatra allows Stored XSS.This issue affects Yatra: from n/a through 2.1.14.
|
|||||
| CVE-2022-47435 | 1 Wp-olivecart Project | 1 Wp-olivecart | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Olive Design WP-OliveCart plugin <= 1.1.3 versions.
|
|||||
| CVE-2022-47434 | 1 Bajorat-media | 1 Pb Seo Friendly Images | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PB SEO Friendly Images plugin <= 4.0.5 versions.
|
|||||
| CVE-2022-47431 | 1 Tussendoor | 1 Open Rdw Kenteken Voertuiginformatie | 2024-11-21 | N/A | 7.1 HIGH |
|
Reflected Cross-Site Scripting (XSS) vulnerability in Tussendoor internet & marketing Open RDW kenteken voertuiginformatie plugin <= 2.0.14 versions.
|
|||||
| CVE-2022-47423 | 1 Wp-dtree Project | 1 Wp-dtree | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions.
|
|||||
| CVE-2022-47421 | 1 Armemberplugin | 1 Armember | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember (free), Repute InfoSystems ARMember (premium) plugins.
|
|||||
| CVE-2022-47373 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 6.4 MEDIUM |
|
Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not proper input validation/sanitization thus results in executing malicious JavaScript payload.
|
|||||
| CVE-2022-47372 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 7.6 HIGH |
|
Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the stored XSS payload.
|
|||||
| CVE-2022-47187 | 1 Generex | 2 Cs141, Cs141 Firmware | 2024-11-21 | N/A | 5.3 MEDIUM |
|
There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file.
|
|||||
| CVE-2022-47173 | 1 Advancedformintegration | 1 Advanced Form Integration | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nasirahmed Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration plugin <= 1.62.0 versions.
|
|||||
| CVE-2022-47171 | 1 Ip Vault - Wp Firewall Project | 1 Ip Vault - Wp Firewall | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul C. Schroeder IP Vault – WP Firewall plugin <= 1.1 versions.
|
|||||
| CVE-2022-47170 | 1 Unlimited-elements | 1 Unlimited Elements For Elementor | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 1.5.48 versions.
|
|||||
| CVE-2022-47158 | 1 Alfred24 Click \& Collect Project | 1 Alfred24 Click \& Collect | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pakpobox alfred24 Click & Collect plugin <= 1.1.7 versions.
|
|||||
| CVE-2022-47157 | 1 Webhammer | 1 Wp Custom Fields Search | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Don Benjamin WP Custom Fields Search plugin <= 1.2.34 versions.
|
|||||
| CVE-2022-47146 | 1 Contempothemes | 1 Real Estate 7 | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contempoinc Real Estate 7 WordPress theme <= 3.3.1 versions.
|
|||||
| CVE-2022-47145 | 1 Blockonomics | 1 Blockonomics | 2024-11-21 | N/A | 7.1 HIGH |
|
Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics WordPress Bitcoin Payments – Blockonomics plugin <= 3.5.7 versions.
|
|||||
| CVE-2022-47140 | 1 Reputeinfosystems | 1 Armember | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <= 4.0.1 versions.
|
|||||
| CVE-2022-47137 | 1 Wpmanageninja | 1 Ninja Tables | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPManageNinja LLC Ninja Tables plugin <= 4.3.4 versions.
|
|||||
| CVE-2022-46864 | 1 Woocommerce Custom Checkout Fields Editor With Drag \& Drop Project | 1 Woocommerce Custom Checkout Fields Editor With Drag \& Drop | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Umair Saleem Woocommerce Custom Checkout Fields Editor With Drag & Drop plugin <= 0.1 versions.
|
|||||
| CVE-2022-46863 | 1 Fullworksplugins | 1 Quick Event Manager | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.6.4 versions.
|
|||||
| CVE-2022-46861 | 1 Web-settler | 1 Custom Login Page Styler | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Zia Imtiaz Custom Login Page Styler for WordPress plugin <= 6.2 versions.
|
|||||
| CVE-2022-46858 | 1 Product Specifications For Woocommerce Project | 1 Product Specifications For Woocommerce | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Amin A.Rezapour Product Specifications for Woocommerce plugin <= 0.6.0 versions.
|
|||||
| CVE-2022-46855 | 1 Wpdarko | 1 Responsive Pricing Table | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WP Darko Responsive Pricing Table plugin <= 5.1.6 versions.
|
|||||
| CVE-2022-46848 | 1 Themeisle | 1 Visualizer | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.1 versions.
|
|||||
| CVE-2022-46844 | 1 Pixelgrade | 1 Pixfields | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PixelGrade PixFields plugin <= 0.7.0 versions.
|
|||||
| CVE-2022-46843 | 1 Levantoan | 1 Woocommerce Vietnam Checkout | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Le Van Toan Woocommerce Vietnam Checkout plugin <= 2.0.4 versions.
|
|||||
| CVE-2022-46823 | 1 Mendix | 1 Saml | 2024-11-21 | N/A | 9.3 CRITICAL |
|
A vulnerability has been identified in Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.4), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.0 < V3.3.9), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.8). The affected module is vulnerable to reflected cross-site scripting (XSS) attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a malicious link.
|
|||||
| CVE-2022-46822 | 1 Jazzcash | 1 Woocommerce Jazzcash Gateway | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in JC Development Team WooCommerce JazzCash Gateway Plugin plugin <= 2.0 versions.
|
|||||
| CVE-2022-46819 | 1 Gopiplus | 1 Continuous Announcement Scroller | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Continuous announcement scroller plugin <= 13.0 versions.
|
|||||
| CVE-2022-46817 | 1 Flyzoo | 1 Flyzoo Chat | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flyzoo Flyzoo Chat plugin <= 2.3.3 versions.
|
|||||
| CVE-2022-46799 | 1 I13websolution | 1 Easy Testimonial Slider And Form | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form plugin <= 1.0.15 versions.
|
|||||
| CVE-2022-46786 | 1 Squaredup | 1 Dashboard Server | 2024-11-21 | N/A | 5.4 MEDIUM |
|
SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 2 of 2).
|
|||||
| CVE-2022-46785 | 1 Squaredup | 1 Dashboard Server | 2024-11-21 | N/A | 6.1 MEDIUM |
|
SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 1 of 2).
|
|||||