Total
38365 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29540 | 1 Resi | 1 Gemini-net | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints, | |||||
| CVE-2022-29533 | 1 Misp | 1 Misp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page." | |||||
| CVE-2022-29532 | 1 Misp | 1 Misp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it. | |||||
| CVE-2022-29531 | 1 Misp | 1 Misp | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name. | |||||
| CVE-2022-29530 | 1 Misp | 1 Misp | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters. | |||||
| CVE-2022-29529 | 1 Misp | 1 Misp | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field. | |||||
| CVE-2022-29513 | 1 Cybozu | 1 Garoon | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script. | |||||
| CVE-2022-29487 | 1 Cybozu | 1 Office | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2022-29485 | 1 Ss-proj | 1 Shirasagi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2022-29476 | 1 8degreethemes | 1 Notification Bar | 2024-11-21 | N/A | 6.1 MEDIUM |
| Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 Degree Themes otification Bar for WordPress plugin <= 1.1.8 at WordPress. | |||||
| CVE-2022-29455 | 1 Elementor | 1 Website Builder | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
| DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions. | |||||
| CVE-2022-29452 | 1 Atlasgondal | 1 Export All Urls | 2024-11-21 | 3.5 LOW | 3.4 LOW |
| Authenticated (editor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Export All URLs plugin <= 4.1 at WordPress. | |||||
| CVE-2022-29449 | 1 Wpopal | 1 Opal Hotel Room Booking | 2024-11-21 | 3.5 LOW | 4.1 MEDIUM |
| Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Opal Hotel Room Booking plugin <= 1.2.7 at WordPress. | |||||
| CVE-2022-29444 | 1 Cloudways | 1 Breeze | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin's settings including CDN setting which could be further used for XSS attack. | |||||
| CVE-2022-29443 | 1 Nicdark | 1 Hotel Booking | 2024-11-21 | 3.5 LOW | 4.1 MEDIUM |
| Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark's Hotel Booking plugin <= 3.0 at WordPress. | |||||
| CVE-2022-29442 | 1 Private Messages Project | 1 Private Messages | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Authenticated (subscriber or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Messages For WordPress <= 2.1.10 at WordPress. | |||||
| CVE-2022-29440 | 1 Promotion Slider Project | 1 Promotion Slider | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Promotion Slider plugin <= 3.3.4 at WordPress. | |||||
| CVE-2022-29438 | 1 Nextcode | 1 Image Slider By Nextcode | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Authenticated (author or higher user role) Persistent Cross-Site Scripting (XSS) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress. | |||||
| CVE-2022-29436 | 1 Code Snippets Extended Project | 1 Code Snippets Extended | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
| Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery (vulnerable parameters &title, &snippet_code). | |||||
| CVE-2022-29433 | 1 Donations Project | 1 Donations | 2024-11-21 | 3.5 LOW | 4.1 MEDIUM |
| Authenticated (contributor or higher role) Cross-Site Scripting (XSS) vulnerability in Donations plugin <= 1.8 on WordPress. | |||||