Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2170 | 1 Microsoft | 1 Microsoft Advertising Universal Event Tracking | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage.
|
|||||
| CVE-2022-2169 | 1 Dwbooster | 1 Loading Page With Loading Screen | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
The Loading Page with Loading Screen WordPress plugin before 1.0.83 does not escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
|
|||||
| CVE-2022-2152 | 1 Duplicate Page And Post Project | 1 Duplicate Page And Post | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The Duplicate Page and Post WordPress plugin before 2.8 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
|
|||||
| CVE-2022-2151 | 1 Emarketdesign | 1 Best Contact Management Software | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
The Best Contact Management Software WordPress plugin through 3.7.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
|
|||||
| CVE-2022-2149 | 1 Very Simple Breadcrumb Project | 1 Very Simple Breadcrumb | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
|
|||||
| CVE-2022-2148 | 1 Linkedin Company Updates Project | 1 Linkedin Company Updates | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
The LinkedIn Company Updates WordPress plugin through 1.5.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
|
|||||
| CVE-2022-2140 | 1 Smartics | 1 Smartics | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH |
|
Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters.
|
|||||
| CVE-2022-2130 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17.
|
|||||
| CVE-2022-2118 | 1 Tooltulips | 1 404s | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
The 404s WordPress plugin before 3.5.1 does not sanitise and escape its fields, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
|
|||||
| CVE-2022-2116 | 1 Webacetechs | 1 Contact Form Db - Elementor | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting
|
|||||
| CVE-2022-2115 | 1 Essentialplugin | 1 Popup Anything | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The Popup Anything WordPress plugin before 2.1.7 does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting
|
|||||
| CVE-2022-2114 | 1 Supsystic | 1 Data Tables Generator | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
The Data Tables Generator by Supsystic WordPress plugin before 1.10.20 does not sanitise and escape some of its Table settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
|
|||||
| CVE-2022-2113 | 1 Inventree Project | 1 Inventree | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.7.2.
|
|||||
| CVE-2022-2100 | 1 Wpzinc | 1 Page Generator | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
The Page Generator WordPress plugin before 1.6.5 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
|
|||||
| CVE-2022-2093 | 1 Ninjateam | 1 Wp Duplicate Page | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
|
|||||
| CVE-2022-2092 | 1 Wpovernight | 1 Woocommerce Pdf Invoices\& Packing Slips | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks.
|
|||||
| CVE-2022-2090 | 1 Flycart | 1 Discount Rules For Woocommerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting
|
|||||
| CVE-2022-2089 | 1 Bold-themes | 1 Bold Page Builder | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
|
|||||
| CVE-2022-2087 | 1 Bank Management System Project | 1 Bank Management System | 2024-11-21 | 3.5 LOW | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in SourceCodester Bank Management System 1.0. This affects the file /mnotice.php?id=2. The manipulation of the argument notice with the input <script>alert(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2022-2072 | 1 Name Directory Project | 1 Name Directory | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The Name Directory WordPress plugin before 1.25.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS as well
|
|||||
| CVE-2022-2066 | 1 Facturascripts | 1 Facturascripts | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.06.
|
|||||
| CVE-2022-2065 | 1 Facturascripts | 1 Facturascripts | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06.
|
|||||
| CVE-2022-2060 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.
|
|||||
| CVE-2022-2059 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 3.5 LOW |
|
In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.
|
|||||
| CVE-2022-2050 | 1 Maxfoundry | 1 Wp-paginate | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
The WP-Paginate WordPress plugin before 2.1.9 does not escape one of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed
|
|||||
| CVE-2022-2036 | 1 Rosariosis | 1 Rosariosis | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1.
|
|||||
| CVE-2022-2035 | 1 Ltgplc | 1 Rustici Software Scorm Engine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. The issue exists because there are no limitations on the domain or format of the url supplied by the user, allowing an attacker to craft malicious urls which can trigger a reflected XSS payload in the context of a victim's browser.
|
|||||
| CVE-2022-2032 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 3.5 LOW |
|
In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.
|
|||||
| CVE-2022-2029 | 1 Kromit | 1 Titra | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0.
|
|||||
| CVE-2022-2028 | 1 Kromit | 1 Titra | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0.
|
|||||
| CVE-2022-2026 | 1 Kromit | 1 Titra | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0.
|
|||||
| CVE-2022-2020 | 1 Prison Management System Project | 1 Prison Management System | 2024-11-21 | 3.5 LOW | 2.4 LOW |
|
A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input <img src="" onerror="alert(1)"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2022-2016 | 1 Facturascripts | 1 Facturascripts | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1.
|
|||||
| CVE-2022-2015 | 1 Diagrams | 1 Drawio | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2.
|
|||||
| CVE-2022-29976 | 1 Altn | 1 Mdaemon | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0 .
|
|||||
| CVE-2022-29975 | 1 Altn | 1 Mdaemon | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An Authenticated Reflected Cross-site scripting at CC Parameter was discovered in MDaemon before 22.0.0 .
|
|||||
| CVE-2022-29969 | 1 Mediawiki | 1 Rss For Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rss element (if the feed is in $wgRSSUrlWhitelist and $wgRSSAllowLinkTag is true).
|
|||||
| CVE-2022-29947 | 1 Woodpecker-ci | 1 Woodpecker | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping.
|
|||||
| CVE-2022-29940 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities.
|
|||||
| CVE-2022-29939 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities.
|
|||||