Total
38457 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45375 | 1 Cyberchimps | 1 Ifeature Slider | 2024-11-21 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slider plugin <= 1.2 on WordPress. | |||||
| CVE-2022-45366 | 1 Wp-slimstat | 1 Slimstat Analytics | 2024-11-21 | N/A | 7.1 HIGH |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin <= 5.0.4 versions. | |||||
| CVE-2022-45365 | 1 Urosevic | 1 Stock Ticker | 2024-11-21 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Stock Ticker allows Reflected XSS.This issue affects Stock Ticker: from n/a through 3.23.2. | |||||
| CVE-2022-45363 | 1 Muffingroup | 1 Betheme | 2024-11-21 | N/A | 5.4 MEDIUM |
| Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup Betheme theme <= 26.6.1 on WordPress. | |||||
| CVE-2022-45361 | 1 0mk Shortener Project | 1 0mk Shortener | 2024-11-21 | N/A | 5.9 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Boris Kuzmanov 0mk Shortener plugin <= 0.2 versions. | |||||
| CVE-2022-45358 | 1 Colorlib | 1 Activello | 2024-11-21 | N/A | 5.4 MEDIUM |
| Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions. | |||||
| CVE-2022-45218 | 1 Oretnom23 | 1 Human Resource Management System | 2024-11-21 | N/A | 6.1 MEDIUM |
| Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability is triggered via a crafted payload injected into an authentication error message. | |||||
| CVE-2022-45176 | 1 Liveboxcloud | 1 Vdesk | 2024-11-21 | N/A | 5.4 MEDIUM |
| An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting (XSS) can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application (through its vShare functionality section) doesn't properly check parameters, sent in HTTP requests as input, before saving them on the server. In addition, crafted JavaScript content can then be reflected back to the end user and executed by the web browser. | |||||
| CVE-2022-45137 | 1 Wago | 14 751-9301, 751-9301 Firmware, 752-8303\/8000-002 and 11 more | 2024-11-21 | N/A | 6.1 MEDIUM |
| The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability. | |||||
| CVE-2022-45091 | 1 Gruparge | 1 Smartpower Web | 2024-11-21 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS).This issue affects Smartpower Web: before 23.01.01. | |||||
| CVE-2022-45087 | 1 Gruparge | 1 Smartpower Web | 2024-11-21 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This issue affects Smartpower Web: before 23.01.01. | |||||
| CVE-2022-45086 | 1 Gruparge | 1 Smartpower Web | 2024-11-21 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This issue affects Smartpower Web: before 23.01.01. | |||||
| CVE-2022-45084 | 1 Loginizer | 1 Loginizer | 2024-11-21 | N/A | 7.1 HIGH |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions. | |||||
| CVE-2022-45082 | 1 Oxilab | 1 Accordions | 2024-11-21 | N/A | 3.4 LOW |
| Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilities in Accordions plugin <= 2.0.3 on WordPress via &addons-style-name and &accordions_or_faqs_license_key. | |||||
| CVE-2022-45065 | 1 Squirrly | 1 Seo Plugin By Squirrly Seo | 2024-11-21 | N/A | 7.1 HIGH |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Squirrly SEO Plugin by Squirrly SEO plugin <= 12.1.20 versions. | |||||
| CVE-2022-45051 | 3 Axiell, Linux, Microsoft | 3 Iguana, Linux Kernel, Windows | 2024-11-21 | N/A | 6.1 MEDIUM |
| A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The module parameter on the Service.template.cls endpoint does not properly neutralise user input, resulting in the vulnerability. | |||||
| CVE-2022-45050 | 1 Axiell | 1 Iguana | 2024-11-21 | N/A | 6.1 MEDIUM |
| A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The title parameter on the twitter.php endpoint does not properly neutralise user input, resulting in the vulnerability. | |||||
| CVE-2022-45049 | 3 Axiell, Linux, Microsoft | 3 Iguana, Linux Kernel, Windows | 2024-11-21 | N/A | 6.1 MEDIUM |
| A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The url parameter on the novelist.php endpoint does not properly neutralise user input, resulting in the vulnerability. | |||||
| CVE-2022-44743 | 1 Blueglass | 1 Jobs For Wordpress | 2024-11-21 | N/A | 6.5 MEDIUM |
| Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <= 2.5.11.2 versions. | |||||
| CVE-2022-44742 | 1 Community Events Project | 1 Community Events | 2024-11-21 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting vulnerability in Yannick Lefebvre Community Events plugin <= 1.4.8 versions. | |||||