Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2371 | 1 Yaycommerce | 1 Yaysmtp | 2024-11-21 | N/A | 5.4 MEDIUM |
|
The YaySMTP WordPress plugin before 2.2.1 does not have proper authorisation when saving its settings, allowing users with a role as low as subscriber to change them, and use that to conduct Stored Cross-Site Scripting attack due to the lack of escaping in them as well.
|
|||||
| CVE-2022-2365 | 1 Trilium Project | 1 Trilium | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium prior to 0.53.3.
|
|||||
| CVE-2022-2364 | 1 Simple Parking Management System Project | 1 Simple Parking Management System | 2024-11-21 | 3.5 LOW | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Parking Management System 1.0. This affects an unknown part of the file /ci_spms/admin/category. The manipulation of the argument vehicle_type with the input "><script>alert("XSS")</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2022-2363 | 1 Simple Parking Management System Project | 1 Simple Parking Management System | 2024-11-21 | 3.5 LOW | 3.5 LOW |
|
A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Parking Management System 1.0. Affected by this issue is some unknown functionality of the file /ci_spms/admin/search/searching/. The manipulation of the argument search with the input "><script>alert("XSS")</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2022-2361 | 1 Quadlayers | 1 Wp Social Chat | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks.
|
|||||
| CVE-2022-2351 | 1 Wpexperts | 1 Post Smtp | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed.
|
|||||
| CVE-2022-2342 | 1 Getoutline | 1 Outline | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to v0.64.4.
|
|||||
| CVE-2022-2341 | 1 Simple Page Transition Project | 1 Simple Page Transition | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The Simple Page Transition WordPress plugin through 1.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
|
|||||
| CVE-2022-2340 | 1 W-dalil Project | 1 W-dalil | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The W-DALIL WordPress plugin through 2.0 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
|
|||||
| CVE-2022-2328 | 1 Flexi Quote Rotator Project | 1 Flexi Quote Rotator | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The Flexi Quote Rotator WordPress plugin through 0.9.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
|
|||||
| CVE-2022-2325 | 1 Securebit | 1 Invitation Based Registrations | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The Invitation Based Registrations WordPress plugin through 2.2.84 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
|
|||||
| CVE-2022-2316 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site.
|
|||||
| CVE-2022-2305 | 1 Timersys | 1 Popups | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The WordPress Popup WordPress plugin through 1.9.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
|
|||||
| CVE-2022-2300 | 1 Microweber | 1 Microweber | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
|
|||||
| CVE-2022-2299 | 1 Allow Svg Files Project | 1 Allow Svg Files | 2024-11-21 | N/A | 5.4 MEDIUM |
|
The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads
|
|||||
| CVE-2022-2293 | 1 Simple Sales Management System Project | 1 Simple Sales Management System | 2024-11-21 | 3.5 LOW | 3.5 LOW |
|
A vulnerability classified as problematic was found in SourceCodester Simple Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ci_ssms/index.php/orders/create. The manipulation of the argument customer_name with the input <script>alert("XSS")</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2022-2292 | 1 Hotel Management System Project | 1 Hotel Management System | 2024-11-21 | 3.5 LOW | 3.5 LOW |
|
A vulnerability classified as problematic has been found in SourceCodester Hotel Management System 2.0. Affected is an unknown function of the file /ci_hms/massage_room/edit/1 of the component Room Edit Page. The manipulation of the argument massageroomDetails with the input "><script>alert("XSS")</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2022-2291 | 1 Hotel Management System Project | 1 Hotel Management System | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in SourceCodester Hotel Management System 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /ci_hms/search of the component Search. The manipulation of the argument search with the input "><script>alert("XSS")</script> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2022-2280 | 1 Microweber | 1 Microweber | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
|
|||||
| CVE-2022-2278 | 1 Fifu | 1 Featured Image From Url | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not validate, sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
|
|||||
| CVE-2022-2271 | 1 Wpseeds | 1 Wp Database Backup | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The WP Database Backup WordPress plugin before 5.9 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
|
|||||
| CVE-2022-2266 | 1 Yordam | 1 Library Automation System | 2024-11-21 | N/A | 6.1 MEDIUM |
|
University Library Automation System developed by Yordam Bilgi Teknolojileri before version 19.2 has an unauthenticated Reflected XSS vulnerability. This has been fixed in the version 19.2
|
|||||
| CVE-2022-2256 | 1 Redhat | 1 Single Sign-on | 2024-11-21 | N/A | 3.8 LOW |
|
A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.
|
|||||
| CVE-2022-2254 | 1 Webhmi | 2 Webhmi, Webhmi Firmware | 2024-11-21 | 3.5 LOW | 6.2 MEDIUM |
|
A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 can store a script that could impact other logged in users.
|
|||||
| CVE-2022-2235 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 8.7 HIGH |
|
Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link
|
|||||
| CVE-2022-2230 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 8.1 HIGH |
|
A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf.
|
|||||
| CVE-2022-2219 | 1 Brizy | 1 Unyson | 2024-11-21 | N/A | 7.2 HIGH |
|
The Unyson WordPress plugin before 2.7.27 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
|
|||||
| CVE-2022-2218 | 1 Parse-url Project | 1 Parse-url | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0.
|
|||||
| CVE-2022-2217 | 1 Parse-url Project | 1 Parse-url | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0.
|
|||||
| CVE-2022-2215 | 1 Givewp | 1 Givewp | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
|
|||||
| CVE-2022-2213 | 1 Library Management System Project | 1 Library Management System | 2024-11-21 | 3.5 LOW | 3.5 LOW |
|
A vulnerability was found in SourceCodester Library Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_admin_details.php?id=admin. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2022-2199 | 1 Micodus | 2 Mv720, Mv720 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
|
The main MiCODUS MV720 GPS tracker web server has a reflected cross-site scripting vulnerability that could allow an attacker to gain control by tricking a user into making a request.
|
|||||
| CVE-2022-2194 | 1 Tipsandtricks-hq | 1 Accept Stripe | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
The Accept Stripe Payments WordPress plugin before 2.0.64 does not sanitize and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
|
|||||
| CVE-2022-2189 | 1 Tipsandtricks-hq | 1 Wp Video Lightbox | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
|
|||||
| CVE-2022-2187 | 1 Contact Form 7 Captcha Project | 1 Contact Form 7 Captcha | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
|
|||||
| CVE-2022-2186 | 1 Bracketspace | 1 Simple Post Notes | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
The Simple Post Notes WordPress plugin before 1.7.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
|
|||||
| CVE-2022-2181 | 1 Sigmaplugin | 1 Advanced Wordpress Reset | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting
|
|||||
| CVE-2022-2178 | 1 Saysis | 1 Starcities | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saysis Computer Starcities allows Cross-Site Scripting (XSS).This issue affects Starcities: before 1.1.
|
|||||
| CVE-2022-2174 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.
|
|||||
| CVE-2022-2173 | 1 Sigmaplugin | 1 Advanced Database Cleaner | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting
|
|||||