Total: 38400 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2716 | 1 Fastlinemedia | 1 Beaver Builder | 2024-11-21 | N/A | 6.4 MEDIUM |
The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Editor' block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2022-2710 | 1 Scroll To Top Project | 1 Scroll To Top | 2024-11-21 | N/A | 4.8 MEDIUM |
The Scroll To Top WordPress plugin before 1.4.1 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). | |||||
CVE-2022-2709 | 1 Cagewebdesign | 1 Float To Top Button | 2024-11-21 | N/A | 4.8 MEDIUM |
The Float to Top Button WordPress plugin through 2.3.6 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). | |||||
CVE-2022-2701 | 1 Simple E-learning System Project | 1 Simple E-learning System | 2024-11-21 | N/A | 3.5 LOW |
A vulnerability classified as problematic was found in SourceCodester Simple E-Learning System. This vulnerability affects unknown code of the file /claire_blake. The manipulation of the argument Bio leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205822 is the identifier assigned to this vulnerability. | |||||
CVE-2022-2695 | 1 Fastlinemedia | 1 Beaver Builder | 2024-11-21 | N/A | 6.4 MEDIUM |
The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'caption' parameter added to images via the media uploader in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor and the ability to upload media files to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2022-2692 | 1 Wedding Hall Booking System Project | 1 Wedding Hall Booking System | 2024-11-21 | N/A | 3.5 LOW |
A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Hall Booking System. This affects an unknown part of the file /whbs/admin/?page=user of the component Staff User Profile. The manipulation of the argument First Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205815. | |||||
CVE-2022-2691 | 1 Wedding Hall Booking System Project | 1 Wedding Hall Booking System | 2024-11-21 | N/A | 3.5 LOW |
A vulnerability, which was classified as problematic, has been found in SourceCodester Wedding Hall Booking System. Affected by this issue is some unknown functionality of the file /whbs/?page=manage_account of the component Profile Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205814 is the identifier assigned to this vulnerability. | |||||
CVE-2022-2690 | 1 Wedding Hall Booking System Project | 1 Wedding Hall Booking System | 2024-11-21 | N/A | 3.5 LOW |
A vulnerability classified as problematic was found in SourceCodester Wedding Hall Booking System. Affected by this vulnerability is an unknown functionality of the file /whbs/?page=my_bookings of the component Booking Form. The manipulation of the argument Remarks leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205813 was assigned to this vulnerability. | |||||
CVE-2022-2689 | 1 Wedding Hall Booking System Project | 1 Wedding Hall Booking System | 2024-11-21 | N/A | 3.5 LOW |
A vulnerability classified as problematic has been found in SourceCodester Wedding Hall Booking System. Affected is an unknown function of the file /whbs/?page=contact_us of the component Contact Page. The manipulation of the argument Message leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205812. | |||||
CVE-2022-2686 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2024-11-21 | N/A | 3.5 LOW |
A vulnerability, which was classified as problematic, was found in oretnom23 Fast Food Ordering System. This affects an unknown part of the component Menu List Page. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205725 was assigned to this vulnerability. | |||||
CVE-2022-2685 | 1 Interview Management System Project | 1 Interview Management System | 2024-11-21 | N/A | 3.5 LOW |
A vulnerability was found in SourceCodester Interview Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /addQuestion.php. The manipulation of the argument question with the input `<script>alert(1)</script>` leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205673 was assigned to this vulnerability. | |||||
CVE-2022-2684 | 1 Apartment Visitors Management System Project | 1 Apartment Visitors Management System | 2024-11-21 | N/A | 3.5 LOW |
A vulnerability has been found in SourceCodester Apartment Visitor Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /manage-apartment.php. The manipulation of the argument Apartment Number with the input `<script>alert(1)</script>` leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205672. | |||||
CVE-2022-2683 | 1 Simple Food Ordering System Project | 1 Simple Food Ordering System | 2024-11-21 | N/A | 3.5 LOW |
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Food Ordering System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument email/password with the input `"><ScRiPt>alert(1)</sCrIpT>` leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205671. | |||||
CVE-2022-2682 | 1 Alphaware - Simple E-commerce System Project | 1 Alphaware - Simple E-commerce System | 2024-11-21 | N/A | 3.5 LOW |
A vulnerability, which was classified as problematic, has been found in SourceCodester Alphaware Simple E-Commerce System. Affected by this issue is some unknown functionality of the file stockin.php. The manipulation of the argument id with the input `'"><script>alert(/xss/)</script>` leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205670 is the identifier assigned to this vulnerability. | |||||
CVE-2022-2681 | 1 Online Student Admission System Project | 1 Online Student Admission System | 2024-11-21 | N/A | 3.5 LOW |
A vulnerability classified as problematic was found in SourceCodester Online Student Admission System. Affected by this vulnerability is an unknown functionality of the file edit-profile.php of the component Student User Page. The manipulation with the input `<script>alert(/xss/)</script>` leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205669 was assigned to this vulnerability. | |||||
CVE-2022-2655 | 1 Radiustheme | 1 Classified Listing | 2024-11-21 | N/A | 6.1 MEDIUM |
The Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting. | |||||
CVE-2022-2646 | 1 Online Admission System Project | 1 Online Admission System | 2024-11-21 | N/A | 3.5 LOW |
A vulnerability, which was classified as problematic, was found in SourceCodester Online Admission System. Affected is an unknown function of the file index.php. The manipulation of the argument eid with the input `8</h3><script>alert(1)</script>` leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205572. | |||||
CVE-2022-2645 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | N/A | 3.5 LOW |
A vulnerability has been found in SourceCodester Garage Management System and classified as problematic. Affected by this vulnerability is an unknown functionality of the file edituser.php. The manipulation of the argument id with the input `1\"><ScRiPt>alert(1)</sCrIpT>` leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205573 was assigned to this vulnerability. | |||||
CVE-2022-2635 | 1 Autoptimize | 1 Autoptimize | 2024-11-21 | N/A | 4.8 MEDIUM |
The Autoptimize WordPress plugin before 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). | |||||
CVE-2022-2629 | 1 Wpdarko | 1 Top Bar | 2024-11-21 | N/A | 4.8 MEDIUM |
The Top Bar WordPress plugin before 3.0.4 does not sanitise and escape some of its settings before outputting them in frontend pages, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). |