Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-0834 | 1 Wpamelia | 1 Amelia | 2024-11-21 | 3.5 LOW | 7.2 HIGH | The Amelia WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the lastName parameter found in the ~/src/Application/Controller/User/Customer/AddCustomerController.php file, which allows attackers to inject arbitrary web scripts onto pages that execute whenever a user accesses the booking calendar for the date into which the attacker has injected the malicious payload. This affects versions up to and including 1.0.46. |
| CVE-2022-0832 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. |
| CVE-2022-0831 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. |
| CVE-2022-0822 | 1 Orchardcore | 1 Orchardcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0. |
| CVE-2022-0820 | 1 Orchardcore | 1 Orchardcore | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0. |
| CVE-2022-0818 | 1 Yithemes | 1 Woocommerce Affiliate | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, and does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin. |
| CVE-2022-0801 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 6.1 MEDIUM | Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium) |
| CVE-2022-0780 | 1 Searchiq | 1 Searchiq | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The SearchIQ WordPress plugin before 3.9 contains a flag to disable the verification of CSRF nonces, granting unauthenticated attackers access to the siq_ajax AJAX action and allowing them to perform Cross-Site Scripting attacks due to the lack of sanitisation and escaping in the customCss parameter. |
| CVE-2022-0776 | 1 Revealjs | 1 Reveal.js | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0. |
| CVE-2022-0772 | 1 Librenms | 1 Librenms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.2.2. |
| CVE-2022-0765 | 1 Loco Translate Project | 1 Loco Translate | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The Loco Translate WordPress plugin before 2.6.1 does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, allowing any user with access to the plugin (Translator and Administrator by default) to add arbitrary JavaScript payloads to the source strings, leading to a stored cross-site scripting (XSS) vulnerability. |
| CVE-2022-0763 | 1 Microweber | 1 Microweber | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3. |
| CVE-2022-0758 | 1 Rapid7 | 1 Nexpose | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW | Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross-site scripting vulnerability within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, providing the opportunity for a potential XSS attack. This issue is fixed in Rapid7 Nexpose version 6.6.130. |
| CVE-2022-0753 | 1 Hestiacp | 1 Control Panel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9. |
| CVE-2022-0752 | 1 Hestiacp | 1 Control Panel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. |
| CVE-2022-0748 | 1 Post-loader Project | 1 Post-loader | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | All versions of the package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution because it uses a markdown parser in an unsafe way, so that any JavaScript code inside the markdown input files gets evaluated and executed. |
| CVE-2022-0743 | 1 Getgrav | 1 Grav | 2024-11-21 | 3.5 LOW | 4.6 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31. |
| CVE-2022-0737 | 1 Text Hover Project | 1 Text Hover | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The Text Hover WordPress plugin before 4.2 does not sanitize and escape the text to hover, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2022-0734 | 1 Zyxel | 64 Atp100, Atp100 Firmware, Atp100w and 61 more | 2024-11-21 | 4.3 MEDIUM | 5.8 MEDIUM | A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script. |
| CVE-2022-0728 | 1 Pootlepress | 1 Easy Smooth Scroll Links | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The Easy Smooth Scroll Links WordPress plugin before 2.23.1 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2022-0723 | 1 Microweber | 1 Microweber | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11. |
| CVE-2022-0719 | 1 Microweber | 1 Microweber | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3. |
| CVE-2022-0710 | 1 Draftpress | 1 Header Footer Code Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter. |
| CVE-2022-0705 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. |
| CVE-2022-0704 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. |
| CVE-2022-0703 | 1 Gd-mylist Project | 1 Gd-mylist | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The GD Mylist WordPress plugin through 1.1.1 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2022-0702 | 1 Unboxinteractive | 1 Petfinder-listings | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The Petfinder Listings WordPress plugin through 1.0.18 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2022-0701 | 1 Seo-301-meta Project | 1 Seo-301-meta | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2022-0700 | 1 Chrsinteractive | 1 Simple Tracking | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2022-0690 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. |
| CVE-2022-0684 | 1 Wp Home Page Menu Project | 1 Wp Home Page Menu | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2022-0683 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Essential Addons for Elementor Lite WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the settings parameter found in the ~/includes/Traits/Helper.php file, which allows attackers to inject arbitrary web scripts onto pages that execute whenever a user clicks a link specially crafted by an attacker. This affects versions up to and including 5.0.8. |
| CVE-2022-0680 | 1 Plezi | 1 Plezi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plz_configuration_tracker_enable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue. |
| CVE-2022-0678 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. |
| CVE-2022-0674 | 1 Kunze-medien | 1 Kunze Law | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2022-0663 | 1 Printfriendly | 1 Print, Pdf, Email By Printfriendly | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The Print, PDF, Email by PrintFriendly WordPress plugin before 5.2.3 does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2022-0662 | 1 Ajdg | 1 Adrotate | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2022-0659 | 1 Sync Qcloud Cos Project | 1 Sync Qcloud Cos | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2022-0653 | 1 Cozmoslabs | 1 Profile Builder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file, which allows attackers to inject arbitrary web scripts onto pages that execute whenever a user clicks a link specially crafted by an attacker. This affects versions up to and including 3.6.1. |
| CVE-2022-0649 | 1 Ajdg | 1 Adrotate | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |