Total
38036 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0205 | 1 Yop-poll | 1 Yop-poll | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The YOP Poll WordPress plugin before 6.3.5 does not sanitise and escape some of the settings (available to users with a role as low as author) before outputting them, leading to a Stored Cross-Site Scripting issue | |||||
| CVE-2022-0201 | 2 Permalink Manager Lite Project, Permalink Manager Project | 2 Permalink Manager Lite, Permalink Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2022-0200 | 1 Themify | 1 Portfolio Post | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the num_of_pages parameter before outputting it back the response of the themify_create_popup_page_pagination AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0193 | 1 Really-simple-plugins | 1 Complianz | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Complianz WordPress plugin before 6.0.0 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0189 | 1 Wprssaggregator | 1 Wp Rss Aggregator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0186 | 1 Machothemes | 1 Image Photo Gallery Final Tiles Grid | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 does not sanitise and escape the Description field when editing a gallery, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks against other users having access to the gallery dashboard | |||||
| CVE-2022-0182 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to inject an arbitrary script via an website that uses Quiz And Survey Master. | |||||
| CVE-2022-0181 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2022-0167 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 3.1 LOW |
| An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making it possible to be retrieved under certain conditions. | |||||
| CVE-2022-0161 | 1 Ari-soft | 1 Ari Fancy Lightbox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0159 | 1 Orchardcore | 1 Orchardcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2022-0157 | 2 Fedoraproject, Phoronix-media | 2 Fedora, Phoronix Test Suite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2022-0150 | 1 Wp Accessibility Helper Project | 1 Wp Accessibility Helper | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2022-0149 | 1 Visser | 1 Store Exporter For Woocommerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin page. | |||||
| CVE-2022-0148 | 1 Premio | 1 Mystickyelements | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin before 2.0.4 was vulnerable to reflected XSS on the my-sticky-elements-leads admin page. | |||||
| CVE-2022-0147 | 1 Cookieinformation | 1 Wp-gdpr-compliance | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Cookie Information | Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2022-0145 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1. | |||||
| CVE-2022-0121 | 1 Hoppscotch | 1 Hoppscotch | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hoppscotch hoppscotch/hoppscotch.This issue affects hoppscotch/hoppscotch before 2.1.1. | |||||
| CVE-2022-0087 | 1 Keystonejs | 1 Keystone | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2022-0020 | 1 Paloaltonetworks | 1 Cortex Xsoar | 2024-11-21 | 3.5 LOW | 6.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: All builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888. | |||||