Total
38457 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47590 | 1 Fugu | 1 Maintenance Switch | 2024-11-21 | N/A | 7.1 HIGH |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fugu Maintenance Switch plugin <= 1.5.2 versions. | |||||
| CVE-2022-47589 | 1 Thisfunctional | 1 Ctt Expresso Para Woocommerce | 2024-11-21 | N/A | 5.9 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in this.Functional CTT Expresso para WooCommerce plugin <= 3.2.11 versions. | |||||
| CVE-2022-47587 | 1 Wp Search Analytics Project | 1 Wp Search Analytics | 2024-11-21 | N/A | 5.9 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cornel Raiu WP Search Analytics plugin <= 1.4.5 versions. | |||||
| CVE-2022-47509 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A | 6.1 MEDIUM |
| The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML. | |||||
| CVE-2022-47449 | 1 Rextheme | 1 Cart Lift - Abandoned Cart Recovery For Woocommerce And Edd | 2024-11-21 | N/A | 7.1 HIGH |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RexTheme Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD plugin <= 3.1.5 versions. | |||||
| CVE-2022-47444 | 1 Properfraction | 1 Profilepress | 2024-11-21 | N/A | 7.1 HIGH |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin <= 4.5.3 versions. | |||||
| CVE-2022-47441 | 1 Wpcharitable | 1 Charitable | 2024-11-21 | N/A | 7.1 HIGH |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.10 versions. | |||||
| CVE-2022-47439 | 1 Rocketapps | 1 Open Graphite | 2024-11-21 | N/A | 7.1 HIGH |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rocket Apps Open Graphite plugin <= 1.6.0 versions. | |||||
| CVE-2022-47438 | 1 Wpdevart | 1 Booking Calendar | 2024-11-21 | N/A | 5.9 MEDIUM |
| Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions. | |||||
| CVE-2022-47437 | 1 Wsb Brands Project | 1 Wsb Brands | 2024-11-21 | N/A | 5.9 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Branko Borilovic WSB Brands plugin <= 1.1.8 versions. | |||||
| CVE-2022-47436 | 1 Mantrabrain | 1 Yatra | 2024-11-21 | N/A | 5.9 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MantraBrain Yatra allows Stored XSS.This issue affects Yatra: from n/a through 2.1.14. | |||||
| CVE-2022-47435 | 1 Wp-olivecart Project | 1 Wp-olivecart | 2024-11-21 | N/A | 5.9 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Olive Design WP-OliveCart plugin <= 1.1.3 versions. | |||||
| CVE-2022-47434 | 1 Bajorat-media | 1 Pb Seo Friendly Images | 2024-11-21 | N/A | 5.9 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PB SEO Friendly Images plugin <= 4.0.5 versions. | |||||
| CVE-2022-47433 | 1 Multi Rating Project | 1 Multi Rating | 2024-11-21 | N/A | 7.1 HIGH |
| Unauth. Reflected Cross-Site Scripting vulnerability in Daniel Powney Multi Rating plugin <= 5.0.5 versions. | |||||
| CVE-2022-47431 | 1 Tussendoor | 1 Open Rdw Kenteken Voertuiginformatie | 2024-11-21 | N/A | 7.1 HIGH |
| Reflected Cross-Site Scripting (XSS) vulnerability in Tussendoor internet & marketing Open RDW kenteken voertuiginformatie plugin <= 2.0.14 versions. | |||||
| CVE-2022-47423 | 1 Wp-dtree Project | 1 Wp-dtree | 2024-11-21 | N/A | 5.9 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions. | |||||
| CVE-2022-47421 | 1 Armemberplugin | 1 Armember | 2024-11-21 | N/A | 5.9 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember (free), Repute InfoSystems ARMember (premium) plugins. | |||||
| CVE-2022-47373 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 6.4 MEDIUM |
| Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not proper input validation/sanitization thus results in executing malicious JavaScript payload. | |||||
| CVE-2022-47372 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 7.6 HIGH |
| Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the stored XSS payload. | |||||
| CVE-2022-47197 | 1 Ghost | 1 Ghost | 2024-11-21 | N/A | 5.4 MEDIUM |
| An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject Javascript in a post to trick an administrator into visiting the post.A stored XSS vulnerability exists in the `codeinjection_foot` for a post. | |||||