Total
38390 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2130 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17. | |||||
| CVE-2022-2118 | 1 Tooltulips | 1 404s | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The 404s WordPress plugin before 3.5.1 does not sanitise and escape its fields, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2022-2116 | 1 Webacetechs | 1 Contact Form Db - Elementor | 2024-11-21 | N/A | 6.1 MEDIUM |
| The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting | |||||
| CVE-2022-2115 | 1 Essentialplugin | 1 Popup Anything | 2024-11-21 | N/A | 6.1 MEDIUM |
| The Popup Anything WordPress plugin before 2.1.7 does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-2114 | 1 Supsystic | 1 Data Tables Generator | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Data Tables Generator by Supsystic WordPress plugin before 1.10.20 does not sanitise and escape some of its Table settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2022-2113 | 1 Inventree Project | 1 Inventree | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.7.2. | |||||
| CVE-2022-2100 | 1 Wpzinc | 1 Page Generator | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Page Generator WordPress plugin before 1.6.5 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2022-2093 | 1 Ninjateam | 1 Wp Duplicate Page | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
| CVE-2022-2092 | 1 Wpovernight | 1 Woocommerce Pdf Invoices\& Packing Slips | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks. | |||||
| CVE-2022-2090 | 1 Flycart | 1 Discount Rules For Woocommerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting | |||||
| CVE-2022-2089 | 1 Bold-themes | 1 Bold Page Builder | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
| CVE-2022-2087 | 1 Bank Management System Project | 1 Bank Management System | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability, which was classified as problematic, was found in SourceCodester Bank Management System 1.0. This affects the file /mnotice.php?id=2. The manipulation of the argument notice with the input <script>alert(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-2072 | 1 Name Directory Project | 1 Name Directory | 2024-11-21 | N/A | 6.1 MEDIUM |
| The Name Directory WordPress plugin before 1.25.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS as well | |||||
| CVE-2022-2066 | 1 Facturascripts | 1 Facturascripts | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.06. | |||||
| CVE-2022-2065 | 1 Facturascripts | 1 Facturascripts | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06. | |||||
| CVE-2022-2060 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0. | |||||
| CVE-2022-2059 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 3.5 LOW |
| In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system. | |||||
| CVE-2022-2050 | 1 Maxfoundry | 1 Wp-paginate | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The WP-Paginate WordPress plugin before 2.1.9 does not escape one of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed | |||||
| CVE-2022-2036 | 1 Rosariosis | 1 Rosariosis | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. | |||||
| CVE-2022-2035 | 1 Ltgplc | 1 Rustici Software Scorm Engine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. The issue exists because there are no limitations on the domain or format of the url supplied by the user, allowing an attacker to craft malicious urls which can trigger a reflected XSS payload in the context of a victim's browser. | |||||