Total
38457 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-46147 | 1 Openedx | 1 Xblock-drag-and-drop-v2 | 2024-11-21 | N/A | 8.4 HIGH |
| Drag and Drop XBlock v2 implements a drag-and-drop style problem, where a learner has to drag items to zones on a target image. Versions prior to 3.0.0 are vulnerable to cross-site scripting in multiple XBlock Fields. Any platform that has deployed the XBlock may be impacted. Version 3.0.0 contains a patch for this issue. There are no known workarounds. | |||||
| CVE-2022-45849 | 1 Colorlib | 1 Activello Theme | 2024-11-21 | N/A | 5.4 MEDIUM |
| Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions. | |||||
| CVE-2022-45848 | 1 Contest-gallery | 1 Contest Gallery | 2024-11-21 | N/A | 6.1 MEDIUM |
| Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 13.1.0.9 on WordPress. | |||||
| CVE-2022-45843 | 1 Nextendweb | 1 Smart Slider 3 | 2024-11-21 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Nextend Smart Slider 3 plugin <= 3.5.1.9 versions. | |||||
| CVE-2022-45839 | 1 Webhelpagency | 1 Wha Puzzle | 2024-11-21 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WHA WHA Puzzle plugin <= 1.0.9 versions. | |||||
| CVE-2022-45838 | 1 Reputeinfosystems | 1 Arforms Form Builder | 2024-11-21 | N/A | 6.1 MEDIUM |
| Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARForms Form Builder plugin <= 1.5.5 versions. | |||||
| CVE-2022-45837 | 1 Wpjam | 1 Wechat Robot | 2024-11-21 | N/A | 7.1 HIGH |
| Reflected Cross-Site Scripting (XSS) vulnerability in Denis 微信机器人高级版 plugin <= 6.0.1 versions. | |||||
| CVE-2022-45831 | 1 Oxilab | 1 Image Hover Effects For Elementor With Lightbox And Flipbox | 2024-11-21 | N/A | 7.1 HIGH |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in biplob018 Image Hover Effects for Elementor with Lightbox and Flipbox plugin <= 2.8 versions. | |||||
| CVE-2022-45827 | 1 Galleryplugins | 1 Video Contest | 2024-11-21 | N/A | 5.9 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GalleryPlugins Video Contest plugin <= 3.2 versions. | |||||
| CVE-2022-45825 | 1 Liquidweb | 1 Wpcomplete | 2024-11-21 | N/A | 7.1 HIGH |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in iThemes WPComplete plugin <= 2.9.2 versions. | |||||
| CVE-2022-45821 | 1 Nootheme | 1 Noo Timetable | 2024-11-21 | N/A | 6.5 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NooTheme Noo Timetable plugin <= 2.1.3 versions. | |||||
| CVE-2022-45818 | 1 Essentialplugin | 1 Hero Banner Ultimate | 2024-11-21 | N/A | 6.5 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WP OnlineSupport, Essential Plugin Hero Banner Ultimate plugin <= 1.3.4 versions. | |||||
| CVE-2022-45817 | 1 Gc Testimonials Project | 1 Gc Testimonials | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in Erin Garscadden GC Testimonials plugin <= 1.3.2 versions. | |||||
| CVE-2022-45816 | 1 Dev4press | 1 Gd Bbpress Attachments | 2024-11-21 | N/A | 4.8 MEDIUM |
| Auth. Stored Cross-Site Scripting (XSS) vulnerability in GD bbPress Attachments plugin <= 4.3.1 on WordPress. | |||||
| CVE-2022-45814 | 1 Wp Calendar Project | 1 Wp Calendar | 2024-11-21 | N/A | 5.4 MEDIUM |
| Stored Cross-Site Scripting (XSS) vulnerability in Fabian von Allmen WP Calendar plugin <= 1.5.3 versions. | |||||
| CVE-2022-45812 | 1 Exxp Project | 1 Exxp | 2024-11-21 | N/A | 6.5 MEDIUM |
| Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Lees Exxp plugin <= 2.6.8 versions. | |||||
| CVE-2022-45722 | 1 Gzwhir | 1 Ezeip | 2024-11-21 | N/A | 6.1 MEDIUM |
| ezEIP v5.3.0(0649) was discovered to contain a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2022-45448 | 1 Prestashop | 1 M4 Pdf | 2024-11-21 | N/A | 3.5 LOW |
| M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed document with a message in mpdf format. An attacker could exploit this vulnerability by inputting a valid HTML/CSS document as the value of the parameter. | |||||
| CVE-2022-45437 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS). A user with edition privileges can create a Payload in the reporting dashboard module. An admin user can observe the Payload without interaction and attacker can get information. | |||||
| CVE-2022-45436 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting (XSS). As a manager privilege user , create a network map containing name as xss payload. Once created, admin user must click on the edit network maps and XSS payload will be executed, which could be used for stealing admin users cookie value. | |||||