Total
38440 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37679 | 1 Miniblog.core Project | 1 Miniblog.core | 2024-11-21 | N/A | 4.8 MEDIUM |
| Miniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field. | |||||
| CVE-2022-37431 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A | 6.1 MEDIUM |
| A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. This occurs in the admin portal when the configuration has XSS_PROTECTION_ENABLED=false. NOTE: the vendor disputes this because the current product behavior, in effect, has XSS_PROTECTION_ENABLED=true in all configurations | |||||
| CVE-2022-37412 | 1 Better Delete Revision Project | 1 Better Delete Revision | 2024-11-21 | N/A | 4.8 MEDIUM |
| Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Galerio & Urda's Better Delete Revision plugin <= 1.6.1 at WordPress. | |||||
| CVE-2022-37407 | 1 Wpchill | 1 Gallery Photoblocks | 2024-11-21 | N/A | 4.1 MEDIUM |
| Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress. | |||||
| CVE-2022-37404 | 1 Add2fav Project | 1 Add2fav | 2024-11-21 | N/A | 4.8 MEDIUM |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christian Salazar's add2fav plugin <= 1.0 at WordPress. | |||||
| CVE-2022-37403 | 1 Add User Role Project | 1 Add User Role | 2024-11-21 | N/A | 4.8 MEDIUM |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nikhil Vaghela's Add User Role plugin <= 0.0.1 at WordPress. | |||||
| CVE-2022-37402 | 1 Afsanalytics | 1 Afs Analytics | 2024-11-21 | N/A | 4.8 MEDIUM |
| Stored Cross-site Scripting (XSS) vulnerability in AFS Analytics plugin <= 4.18 versions. | |||||
| CVE-2022-37342 | 1 Add Shortcodes Actions And Filters Project | 1 Add Shortcodes Actions And Filters | 2024-11-21 | N/A | 4.8 MEDIUM |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability Add Shortcodes Actions And Filters plugin <= 2.0.9 at WordPress. | |||||
| CVE-2022-37339 | 1 Fullworksplugins | 1 Meet My Team | 2024-11-21 | N/A | 4.1 MEDIUM |
| Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Meet My Team plugin <= 2.0.5 at WordPress. | |||||
| CVE-2022-37338 | 1 Blossomthemes | 1 Blossom Recipe Maker | 2024-11-21 | N/A | 4.1 MEDIUM |
| Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Blossom Recipe Maker plugin <= 1.0.7 at WordPress. | |||||
| CVE-2022-37335 | 1 Webhelpagency | 1 Word Search Puzzles | 2024-11-21 | N/A | 4.8 MEDIUM |
| Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in WHA's Word Search Puzzles game plugin <= 2.0.1 at WordPress. | |||||
| CVE-2022-37330 | 1 Webhelpagency | 1 Wha Crossword | 2024-11-21 | N/A | 5.4 MEDIUM |
| Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WHA Crossword plugin <= 1.1.10 at WordPress. | |||||
| CVE-2022-37328 | 1 Themesawesome | 1 Timeline Awesome | 2024-11-21 | N/A | 3.4 LOW |
| Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in Themes Awesome History Timeline plugin <= 1.0.5 at WordPress. | |||||
| CVE-2022-37318 | 1 Rsa | 1 Archer | 2024-11-21 | N/A | 7.0 HIGH |
| Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contain a reflected XSS vulnerability. A remote unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases. | |||||
| CVE-2022-37317 | 1 Rsa | 1 Archer | 2024-11-21 | N/A | 7.6 HIGH |
| Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious code in the context of the web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases. | |||||
| CVE-2022-37254 | 1 Dolphinphp Project | 1 Dolphinphp | 2024-11-21 | N/A | 5.4 MEDIUM |
| DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background - > System - > system function - > configuration management. | |||||
| CVE-2022-37253 | 1 Crime Reporting System Project | 1 Crime Reporting System | 2024-11-21 | N/A | 5.4 MEDIUM |
| Persistent cross-site scripting (XSS) in Crime Reporting System 1.0 allows a remote attacker to introduce arbitary Javascript via manipulation of an unsanitized POST parameter | |||||
| CVE-2022-37251 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | N/A | 5.4 MEDIUM |
| Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts. | |||||
| CVE-2022-37248 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | N/A | 5.4 MEDIUM |
| Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php. | |||||
| CVE-2022-37247 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | N/A | 5.4 MEDIUM |
| Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) via /admin/settings/fields page. | |||||