Total: 42233 CVEs

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-1275 | 1 Stillbreathing | 1 Bannerman | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The BannerMan WordPress plugin through 0.2.4 does not sanitize or escape its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (such as in multisite). |
| CVE-2022-1274 | 1 Redhat | 8 Enterprise Linux, Enterprise Linux For Ibm Z Systems, Enterprise Linux For Ibm Z Systems Eus and 5 more | 2024-11-21 | N/A | 5.4 MEDIUM | A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users. |
| CVE-2022-1269 | 1 Fastflow | 1 Fastflow | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Fast Flow WordPress plugin before 1.2.12 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin dashboard, leading to Reflected Cross-Site Scripting. |
| CVE-2022-1268 | 1 Donate Extra Project | 1 Donate Extra | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to Reflected Cross-Site Scripting. |
| CVE-2022-1267 | 1 Bmi Bmr Calculator Project | 1 Bmi Bmr Calculator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The BMI BMR Calculator WordPress plugin through 1.3 does not sanitise and escape arbitrary POST data before outputting it back in the response, leading to Reflected Cross-Site Scripting. |
| CVE-2022-1266 | 1 Wpwax | 1 Post Grid, Slider & Carousel Ultimate | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The Post Grid, Slider & Carousel Ultimate WordPress plugin before 1.5.0 does not sanitise and escape the Header Title, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2022-1265 | 1 Ait-pro | 1 Bulletproof Security | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. |
| CVE-2022-1255 | 1 Codection | 1 Import And Export Users And Customers | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escape imported CSV data, which could allow high-privilege users to import malicious JavaScript code, leading to Stored Cross-Site Scripting. |
| CVE-2022-1250 | 1 Lifterlms | 1 Lifterlms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to Reflected Cross-Site Scripting. |
| CVE-2022-1241 | 1 2code | 1 Ask Me | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues. |
| CVE-2022-1234 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | XSS in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user's device. |
| CVE-2022-1231 | 2 Fedoraproject, Plantuml | 2 Fedora, Plantuml | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution, for example in desktop applications. Web-based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web-based projects (like the Confluence plugin, etc. ... |
| CVE-2022-1228 | 1 Opensea Project | 1 Opeansea | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The Opensea WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, like its "Referer address" field, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2022-1221 | 1 Gwyn's Imagemap Selector Project | 1 Gwyn's Imagemap Selector | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting. |
| CVE-2022-1220 | 1 Foxy-shop | 1 Foxyshop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The FoxyShop WordPress plugin before 4.8.2 does not sanitise and escape a parameter before outputting it back in an admin page, leading to Reflected Cross-Site Scripting. |
| CVE-2022-1218 | 1 Duogeek | 1 Domain Replace | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting. |
| CVE-2022-1217 | 1 Custom Tinymce Shortcode Button Project | 1 Custom Tinymce Shortcode Button | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting. |
| CVE-2022-1216 | 1 Advanced Image Sitemap Project | 1 Advanced Image Sitemap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Advanced Image Sitemap WordPress plugin through 1.2 does not sanitise and escape the PHP_SELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting. |
| CVE-2022-1192 | 1 Turn Off All Comments Project | 1 Turn Off All Comments | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to Reflected Cross-Site Scripting. |
| CVE-2022-1190 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 8.7 HIGH | Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc. |
| CVE-2022-1181 | 1 Open-emr | 1 Openemr | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Stored Cross-Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2. |
| CVE-2022-1180 | 1 Open-emr | 1 Openemr | 2024-11-21 | 3.5 LOW | 3.5 LOW | Reflected Cross-Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. |
| CVE-2022-1179 | 1 Open-emr | 1 Openemr | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | A non-privileged user can create a new rule, leading to Stored Cross-Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. |
| CVE-2022-1178 | 1 Open-emr | 1 Openemr | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Stored Cross-Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. |
| CVE-2022-1175 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 8.7 HIGH | Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, and all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes. |
| CVE-2022-1173 | 1 Getgrav | 1 Grav | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Stored XSS in GitHub repository getgrav/grav prior to 1.7.33. |
| CVE-2022-1171 | 1 Vertical Scroll Recent Post Project | 1 Vertical Scroll Recent Post | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Vertical scroll recent post WordPress plugin before 14.0 does not sanitise and escape a parameter before outputting it back in an attribute, leading to Reflected Cross-Site Scripting. |
| CVE-2022-1170 | 1 Nootheme | 1 Jobmonster | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Noo JobMonster WordPress theme before 4.5.2.9 has an XSS vulnerability: the search form input is taken from unsanitised GET parameters. |
| CVE-2022-1169 | 1 Eyecix | 1 Careerfy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | There is an XSS vulnerability in Careerfy. |
| CVE-2022-1168 | 1 Eyecix | 1 Jobsearch Wp Job Board | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | There is a Cross-Site Scripting vulnerability in the JobSearch WP Job Board WordPress plugin before 1.5.1. |
| CVE-2022-1167 | 1 Apusthemes | 1 Careerup | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in the CareerUp WordPress theme before 2.3.1, via the filter parameters. |
| CVE-2022-1164 | 1 Wztechno | 1 Wyzi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Wyzi theme was affected by reflected XSS vulnerabilities in the business search feature. |
| CVE-2022-1163 | 1 Mineweb | 1 Minewebcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Stored Cross-site Scripting (XSS) in GitHub repository mineweb/minewebcms prior to next. |
| CVE-2022-1156 | 1 Books & Papers Project | 1 Books & Papers | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The Books & Papers WordPress plugin through 0.20210223 does not escape its Custom DB prefix setting, allowing high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2022-1152 | 1 Menubar | 1 Menubar | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The Menubar WordPress plugin before 5.8 does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action (available to any authenticated user), leading to Reflected Cross-Site Scripting. |
| CVE-2022-1112 | 1 Autolinks Project | 1 Autolinks | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The Autolinks WordPress plugin through 1.0.1 does not have a CSRF check in place when updating its settings, and does not sanitise or escape them, which could allow attackers to perform Stored Cross-Site Scripting against a logged-in admin via a CSRF attack. |
| CVE-2022-1104 | 1 Code-atlantic | 1 Popup Maker | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2022-1102 | 1 Event Management System Project | 1 Event Management System | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM | A vulnerability classified as problematic has been found in SourceCodester Royale Event Management System 1.0. Affected is an unknown function of the file /royal_event/companyprofile.php. The manipulation of the argument companyname/regno/companyaddress/companyemail leads to cross-site scripting. It is possible to launch the attack remotely. VDB-195786 is the identifier assigned to this vulnerability. |
| CVE-2022-1095 | 1 Mihdan | 1 No External Links Project | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The Mihdan: No External Links WordPress plugin before 5.0.2 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). |
| CVE-2022-1093 | 1 Joomunited | 1 Wp Meta Seo | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high-privilege user such as an administrator to inject arbitrary JavaScript into the page even when unfiltered_html is disallowed. |
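Most of the WordPress entries above (the PHP_SELF and page-parameter reflections into admin-page attributes, and the settings that are stored and echoed without escaping) share one bug shape, and one fix: sanitise on save, escape on output for the context the value lands in, and never reflect PHP_SELF at all. The PHP below is an added example written for this page; it is not code from any of the listed plugins or from WordPress. The `esc_attr_`, `esc_html_`, `esc_url_` and `sanitize_text_field_` helpers are simplified stand-ins (named with a trailing underscore) for the WordPress functions they imitate, so the file runs under plain `php`; the request payloads are constructed for the demonstration, and the `executable_sinks()` checker is our own, a quick way to confirm that the rendered markup contains nothing a browser would execute.

```php
<?php
// Added example, not code from any plugin listed above. Reproduces the pattern the
// "does not sanitise and escape ... before outputting it back in an attribute" entries
// describe, the hardened form, and a parser-based check of the rendered HTML.
// The *_ helpers are stand-ins; in a plugin use WordPress's esc_attr(), esc_html(),
// esc_url(), sanitize_text_field() and admin_url() (and a sanitize_callback in
// register_setting() for stored options).

// Constructed attacker request. PHP_SELF includes PATH_INFO, so a request for
// /wp-admin/admin.php/"><script>alert(1)</script> reaches the page unchanged.
$request = [
    'PHP_SELF' => '/wp-admin/admin.php/"><script>alert(1)</script>',
    'GET'      => ['page' => 'plugin-settings" onmouseover="alert(2)'],
    'POST'     => ['header_title' => '<img src=x onerror=alert(3)>'],
];

// --- Vulnerable pattern ---------------------------------------------------------
function vulnerable_form(array $r): string
{
    $self  = $r['PHP_SELF'];              // reflected into the action attribute
    $page  = $r['GET']['page'];           // reflected into a value attribute
    $title = $r['POST']['header_title'];  // "saved" setting, stored and echoed raw
    return "<form action=\"{$self}\"><input name=\"page\" value=\"{$page}\">"
         . "<h2>{$title}</h2></form>";
}

// --- Stand-ins for the WordPress escaping / sanitising API -----------------------
function esc_attr_(string $s): string   // like esc_attr(): attribute context
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
function esc_html_(string $s): string   // like esc_html(): element body context
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
function esc_url_(string $url): string  // like esc_url(): http(s) or site-relative only
{
    if (!preg_match('#\A(?:https?://|/)[^\s"\'<>]*\z#i', $url)) {
        return '';                        // javascript:, data:, or quote/angle smuggling
    }
    return esc_attr_($url);
}
function sanitize_text_field_(string $s): string  // like sanitize_text_field(): on save
{
    $s = strip_tags($s);
    $s = preg_replace('/[\x00-\x1F\x7F]/', '', $s);
    return trim($s);
}

// --- Hardened pattern -----------------------------------------------------------
function hardened_form(array $r): string
{
    // 1. Post back to a URL the plugin controls; PHP_SELF is never echoed.
    $self  = esc_url_('/wp-admin/admin.php?page=plugin-settings'); // WP: admin_url('admin.php?page=...')
    // 2. Request data is escaped for the attribute it is written into.
    $page  = esc_attr_($r['GET']['page']);
    // 3. Settings are sanitised when saved AND escaped when printed; the output
    //    step also covers values that were stored before the fix shipped.
    $title = esc_html_(sanitize_text_field_($r['POST']['header_title']));
    return "<form action=\"{$self}\"><input name=\"page\" value=\"{$page}\">"
         . "<h2>{$title}</h2></form>";
}

// --- Check: parse the rendered HTML and list anything the browser would execute ---
function executable_sinks(string $html): array
{
    libxml_use_internal_errors(true);     // parser warnings are expected for broken markup
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    $found = [];
    foreach ($doc->getElementsByTagName('*') as $el) {
        $tag = strtolower($el->tagName);
        if ($tag === 'script') {
            $found[] = '<script>';
        }
        foreach ($el->attributes as $attr) {
            $name = strtolower($attr->name);
            if (strncmp($name, 'on', 2) === 0) {                // event handler attribute
                $found[] = "{$tag}@{$name}";
            } elseif (in_array($name, ['href', 'src', 'action'], true)
                      && preg_match('/\A\s*javascript:/i', $attr->value)) {
                $found[] = "{$tag}@{$name}=javascript:";
            }
        }
    }
    return $found;
}

foreach (['vulnerable' => vulnerable_form($request), 'hardened' => hardened_form($request)] as $label => $html) {
    printf("%-10s sinks=%s\n  %s\n", $label, json_encode(executable_sinks($html)), $html);
}
```

Running it shows the vulnerable render with a `<script>` element, an `input@onmouseover` and an `img@onerror`, and the hardened render with an empty sink list: the quotes in the page parameter become `&quot;` inside the attribute, the stored title loses its tag on save, and the action is a constant path. Note the capability caveat that recurs in the entries above: a WordPress administrator normally holds `unfiltered_html` and may post raw markup by design, so the stored-settings variants only count as vulnerabilities where that capability is withheld, as on multisite.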