Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0648 | 1 I13websolution | 1 Team Circle Image Slider With Lightbox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the order_pos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. |
| CVE-2022-0647 | 1 Bulk Creator Project | 1 Bulk Creator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Bulk Creator WordPress plugin through 1.0.1 does not sanitize and escape the post_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. |
| CVE-2022-0643 | 1 Bank Mellat Project | 1 Bank Mellat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Bank Mellat WordPress plugin through 1.3.7 does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. |
| CVE-2022-0641 | 1 Ays-pro | 1 Popup Like Box | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Popup Like box WordPress plugin before 3.6.1 does not sanitize and escape the ays_fb_tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. |
| CVE-2022-0640 | 1 Wpdevart | 1 Pricing Table Builder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Pricing Table Builder WordPress plugin before 1.1.5 does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. |
| CVE-2022-0628 | 1 Accesspressthemes | 1 Ap Mega Menu | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the _wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. |
| CVE-2022-0627 | 1 Tms-outsource | 1 Amelia | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Amelia WordPress plugin before 1.0.47 does not sanitize and escape the code parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. |
| CVE-2022-0626 | 1 Kuroit | 1 Advanced Admin Search | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Advanced Admin Search WordPress plugin before 1.1.6 does not sanitize and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting. |
| CVE-2022-0625 | 1 Admin Menu Editor Project | 1 Admin Menu Editor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. |
| CVE-2022-0621 | 1 Dtabs Project | 1 Dtabs | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The dTabs WordPress plugin through 1.4 does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. |
| CVE-2022-0620 | 1 Deleteoldorders Project | 1 Delete Old Orders | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Delete Old Orders WordPress plugin through 0.2 does not sanitize and escape the date parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. |
| CVE-2022-0619 | 1 Database Peek Project | 1 Database Peek | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Database Peek WordPress plugin through 1.2 does not sanitize and escape the match parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. |
| CVE-2022-0612 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. |
| CVE-2022-0602 | 1 Tastyigniter | 1 Tastyigniter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - DOM in GitHub repository tastyigniter/tastyigniter prior to 3.3.0. |
| CVE-2022-0601 | 1 Edmonsoft | 1 Countdown, Coming Soon, Maintenance - Countdown & Clock | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. |
| CVE-2022-0600 | 1 Myceliumdesign | 1 Conference Scheduler | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Conference Scheduler WordPress plugin before 2.4.3 does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. |
| CVE-2022-0599 | 1 Mapping Multiple Urls Redirect Same Page Project | 1 Mapping Multiple Urls Redirect Same Page | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Mapping Multiple URLs Redirect Same Page WordPress plugin through 5.8 does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. |
| CVE-2022-0598 | 1 Idehweb | 1 Login With Phone Number | 2024-11-21 | N/A | 4.8 MEDIUM |
| The Login with phone number WordPress plugin before 1.3.8 does not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2022-0595 | 1 Codedropz | 1 Drag And Drop Multiple File Upload - Contact Form 7 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to a Stored Cross-Site Scripting issue. |
| CVE-2022-0590 | 1 Ait-pro | 1 Bulletproof Security | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2022-0589 | 1 Librenms | 1 Librenms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0. |
| CVE-2022-0576 | 1 Librenms | 1 Librenms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0. |
| CVE-2022-0575 | 1 Librenms | 1 Librenms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0. |
| CVE-2022-0571 | 2 Fedoraproject, Phoronix-media | 3 Extra Packages For Enterprise Linux, Fedora, Phoronix Test Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2. |
| CVE-2022-0558 | 1 Microweber | 1 Microweber | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. |
| CVE-2022-0542 | 1 Chatwoot | 1 Chatwoot | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.7.0. |
| CVE-2022-0539 | 1 Beanstalk Console Project | 1 Beanstalk Console | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_console prior to 1.7.14. |
| CVE-2022-0535 | 1 E2pdf | 1 E2pdf | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2022-0533 | 1 Metaphorcreations | 1 Ditty | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability. |
| CVE-2022-0531 | 1 Wpvivid | 1 Migration, Backup, Staging | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the sub_page parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting. |
| CVE-2022-0527 | 1 Chatwoot | 1 Chatwoot | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0. |
| CVE-2022-0526 | 1 Chatwoot | 1 Chatwoot | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0. |
| CVE-2022-0510 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1. |
| CVE-2022-0509 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.3.1. |
| CVE-2022-0506 | 1 Microweber | 1 Microweber | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. |
| CVE-2022-0503 | 1 Obtaininfotech | 1 Multisite Content Copier/updater | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.2 does not sanitise and escape the s parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in the network dashboard. |
| CVE-2022-0502 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. |
| CVE-2022-0501 | 1 Beanstalk Console Project | 1 Beanstalk Console | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/beanstalk_console prior to 1.7.12. |
| CVE-2022-0475 | 1 Otrs | 1 Otrs | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A malicious translator is able to inject JavaScript code in a few translatable strings (where HTML is allowed). The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions. |
| CVE-2022-0473 | 1 Otrs | 1 Otrs | 2024-11-21 | 3.5 LOW | 3.8 LOW |
| OTRS administrators can configure a dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be executed in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions. |