Total
38064 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1268 | 1 Donate Extra Project | 1 Donate Extra | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected cross-Site Scripting | |||||
| CVE-2022-1267 | 1 Bmi Bmr Calculator Project | 1 Bmi Bmr Calculator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The BMI BMR Calculator WordPress plugin through 1.3 does not sanitise and escape arbitrary POST data before outputting it back in the response, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-1266 | 1 Wpwax | 1 Post Grid\, Slider \& Carousel Ultimate | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Post Grid, Slider & Carousel Ultimate WordPress plugin before 1.5.0 does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2022-1265 | 1 Ait-pro | 1 Bulletproof Security | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2022-1255 | 1 Codection | 1 Import And Export Users And Customers | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues | |||||
| CVE-2022-1250 | 1 Lifterlms | 1 Lifterlms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2022-1241 | 1 2code | 1 Ask Me | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues | |||||
| CVE-2022-1234 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device. | |||||
| CVE-2022-1231 | 2 Fedoraproject, Plantuml | 2 Fedora, Plantuml | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin, etc. see https://plantuml.com/de/running). | |||||
| CVE-2022-1228 | 1 Opensea Project | 1 Opeansea | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Opensea WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, like its "Referer address" field, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2022-1221 | 1 Gwyn\'s Imagemap Selector Project | 1 Gwyn\'s Imagemap Selector | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting. | |||||
| CVE-2022-1220 | 1 Foxy-shop | 1 Foxyshop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The FoxyShop WordPress plugin before 4.8.2 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-1218 | 1 Duogeek | 1 Domain Replace | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-1217 | 1 Custom Tinymce Shortcode Button Project | 1 Custom Tinymce Shortcode Button | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting. | |||||
| CVE-2022-1216 | 1 Advanced Image Sitemap Project | 1 Advanced Image Sitemap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Advanced Image Sitemap WordPress plugin through 1.2 does not sanitise and escape the PHP_SELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting. | |||||
| CVE-2022-1192 | 1 Turn Off All Comments Project | 1 Turn Off All Comments | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-1190 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 8.7 HIGH |
| Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc. | |||||
| CVE-2022-1181 | 1 Open-emr | 1 Openemr | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2. | |||||
| CVE-2022-1180 | 1 Open-emr | 1 Openemr | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. | |||||
| CVE-2022-1179 | 1 Open-emr | 1 Openemr | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. | |||||