Total
38400 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2829 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | |||||
| CVE-2022-2823 | 1 Metaslider | 1 Slider\, Gallery\, And Carousel | 2024-11-21 | N/A | 4.8 MEDIUM |
| The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.27.9 does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2022-2814 | 1 Simple And Nice Shopping Cart Script Project | 1 Simple And Nice Shopping Cart Script | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability has been found in SourceCodester Simple and Nice Shopping Cart Script and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /mkshope/login.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206401 was assigned to this vulnerability. | |||||
| CVE-2022-2811 | 1 Guest Management System Project | 1 Guest Management System | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability classified as problematic has been found in SourceCodester Guest Management System. This affects an unknown part of the file myform.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206397 was assigned to this vulnerability. | |||||
| CVE-2022-2799 | 1 Wpaffiliatemanager | 1 Affiliates Manager | 2024-11-21 | N/A | 4.8 MEDIUM |
| The Affiliates Manager WordPress plugin before 2.9.14 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2022-2796 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A | 4.8 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.4. | |||||
| CVE-2022-2777 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1. | |||||
| CVE-2022-2775 | 1 Fastflow | 1 Fastflow | 2024-11-21 | N/A | 5.5 MEDIUM |
| The Fast Flow WordPress plugin before 1.2.13 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2022-2773 | 1 Apartment Visitors Management System Project | 1 Apartment Visitors Management System | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability was found in SourceCodester Apartment Visitor Management System. It has been classified as problematic. This affects an unknown part of the file profile.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-206169 was assigned to this vulnerability. | |||||
| CVE-2022-2769 | 1 Company Website Cms Project | 1 Company Website Cms | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Company Website CMS. This issue affects some unknown processing of the file /dashboard/contact. The manipulation of the argument phone leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206165 was assigned to this vulnerability. | |||||
| CVE-2022-2768 | 1 Library Management System Project | 1 Library Management System | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability classified as problematic was found in SourceCodester Library Management System. This vulnerability affects unknown code of the file /qr/I/. The manipulation of the argument error leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-206164. | |||||
| CVE-2022-2767 | 1 Online Admission System Project | 1 Online Admission System | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability classified as problematic has been found in SourceCodester Online Admission System. This affects an unknown part of the file /index.php. The manipulation of the argument student_add leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-206163. | |||||
| CVE-2022-2763 | 1 Wp Socializer Project | 1 Wp Socializer | 2024-11-21 | N/A | 4.8 MEDIUM |
| The WP Socializer WordPress plugin before 7.3 does not sanitise and escape some of its Icons settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2022-2753 | 1 Ketchup Restaurant Reservations Project | 1 Ketchup Restaurant Reservations | 2024-11-21 | N/A | 6.1 MEDIUM |
| The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not sanitise and escape some of the reservation user inputs, allowing unauthenticated attackers to perform Cross-Site Scripting attacks logged in admin viewing the malicious reservation made | |||||
| CVE-2022-2748 | 1 Simple Online Book Store System Project | 1 Simple Online Book Store System | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability was found in SourceCodester Simple Online Book Store System. It has been classified as problematic. Affected is an unknown function of the file /admin/edit.php. The manipulation of the argument eid leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-206016. | |||||
| CVE-2022-2737 | 1 Wp-staging | 1 Wp Staging | 2024-11-21 | N/A | 4.8 MEDIUM |
| The WP STAGING WordPress plugin before 2.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2022-2733 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. | |||||
| CVE-2022-2731 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. | |||||
| CVE-2022-2729 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1. | |||||
| CVE-2022-2725 | 1 Company Website Cms Project | 1 Company Website Cms | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability was found in SourceCodester Company Website CMS. It has been rated as problematic. Affected by this issue is some unknown functionality of the file add-blog.php. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-205838 is the identifier assigned to this vulnerability. | |||||