Total
38048 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0906 | 1 Microweber | 1 Microweber | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12. | |||||
| CVE-2022-0901 | 1 Ad Inserter Project | 1 Ad Inserter | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters | |||||
| CVE-2022-0900 | 1 Netdatasoft | 1 Divvy Drive | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NetDataSoft DivvyDrive allows Stored XSS.This issue affects DivvyDrive: from unspecified before v.4.6.2.0. | |||||
| CVE-2022-0899 | 1 Draftpress | 1 Header Footer Code Manager | 2024-11-21 | N/A | 6.1 MEDIUM |
| The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
| CVE-2022-0898 | 1 Getigniteup | 1 Igniteup | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The IgniteUp WordPress plugin through 3.4.1 does not sanitise and escape some fields when high privilege users don't have the unfiltered_html capability, which could lead to Stored Cross-Site Scripting issues | |||||
| CVE-2022-0894 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | |||||
| CVE-2022-0893 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | |||||
| CVE-2022-0892 | 1 Atlasgondal | 1 Export All Urls | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0889 | 1 Ninjaforms | 1 Ninja Forms File Uploads | 2024-11-21 | 4.3 MEDIUM | 7.2 HIGH |
| The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the ~/includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web scripts to vulnerable WordPress sites, in versions up to and including 3.3.12. | |||||
| CVE-2022-0884 | 1 Cozmoslabs | 1 Profile Builder | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2022-0880 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2. | |||||
| CVE-2022-0879 | 1 Calderaforms | 1 Caldera Forms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0877 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3. | |||||
| CVE-2022-0876 | 1 Wpdevart | 1 Social Comments | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2022-0874 | 1 Wp-experts | 1 Wp Social Buttons | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The WP Social Buttons WordPress plugin through 2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2022-0873 | 1 Codeasily | 1 Gmedia Gallery | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed | |||||
| CVE-2022-0864 | 1 Updraftplus | 1 Updraftplus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2022-0858 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in. | |||||
| CVE-2022-0857 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in. | |||||
| CVE-2022-0840 | 1 Cybernetikz | 1 Easy Social Icons | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfiltered_html capability is disallowed. | |||||