Total
38064 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1178 | 1 Open-emr | 1 Openemr | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. | |||||
| CVE-2022-1175 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 8.7 HIGH |
| Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes. | |||||
| CVE-2022-1173 | 1 Getgrav | 1 Grav | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| stored xss in GitHub repository getgrav/grav prior to 1.7.33. | |||||
| CVE-2022-1171 | 1 Vertical Scroll Recent Post Project | 1 Vertical Scroll Recent Post | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Vertical scroll recent post WordPress plugin before 14.0 does not sanitise and escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-1170 | 1 Nootheme | 1 Jobmonster | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests. | |||||
| CVE-2022-1169 | 1 Eyecix | 1 Careerfy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a XSS vulnerability in Careerfy. | |||||
| CVE-2022-1168 | 1 Eyecix | 1 Jobsearch Wp Job Board | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1. | |||||
| CVE-2022-1167 | 1 Apusthemes | 1 Careerup | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in CareerUp Careerup WordPress theme before 2.3.1, via the filter parameters. | |||||
| CVE-2022-1164 | 1 Wztechno | 1 Wyzi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Wyzi Theme was affected by reflected XSS vulnerabilities in the business search feature | |||||
| CVE-2022-1163 | 1 Mineweb | 1 Minewebcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/minewebcms prior to next. | |||||
| CVE-2022-1156 | 1 Books \& Papers Project | 1 Books \& Papers | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Books & Papers WordPress plugin through 0.20210223 does not escape its Custom DB prefix settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-1152 | 1 Menubar | 1 Menubar | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Menubar WordPress plugin before 5.8 does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action (available to any authenticated users), leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-1112 | 1 Autolinks Project | 1 Autolinks | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Autolinks WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, and does not sanitise as well as escape them, which could allow attackers to perform Stored Cross-Site scripting against a logged in admin via a CSRF attack | |||||
| CVE-2022-1104 | 1 Code-atlantic | 1 Popup Maker | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-1102 | 1 Event Management System Project | 1 Event Management System | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic has been found in SourceCodester Royale Event Management System 1.0. Affected is an unknown function of the file /royal_event/companyprofile.php. The manipulation of the argument companyname/regno/companyaddress/companyemail leads to cross site scripting. It is possible to launch the attack remotely. VDB-195786 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-1095 | 1 Mihdan\ | 1 No External Links Project | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Mihdan: No External Links WordPress plugin before 5.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2022-1093 | 1 Joomunited | 1 Wp Meta Seo | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed. | |||||
| CVE-2022-1091 | 1 10up | 1 Safe Svg | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent (mainly XSS, but depending on further use of uploaded SVG files potentially other XML attacks). | |||||
| CVE-2022-1090 | 1 Good-bad-comments Project | 1 Good-bad-comments | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Good & Bad Comments WordPress plugin through 1.0.0 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-1089 | 1 Wpsheeteditor | 1 Bulk Edit And Create User Profiles - Wp Sheet Editor | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Bulk Edit and Create User Profiles WordPress plugin before 1.5.14 does not sanitise and escape the Users Login, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||