Total: 39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2113 | 1 Inventree Project | 1 Inventree | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.7.2. | |||||
| CVE-2022-2100 | 1 Wpzinc | 1 Page Generator | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Page Generator WordPress plugin before 1.6.5 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2022-2093 | 1 Ninjateam | 1 Wp Duplicate Page | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
| CVE-2022-2092 | 1 Wpovernight | 1 Woocommerce Pdf Invoices & Packing Slips | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks. | |||||
| CVE-2022-2090 | 1 Flycart | 1 Discount Rules For Woocommerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting. | |||||
| CVE-2022-2089 | 1 Bold-themes | 1 Bold Page Builder | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
| CVE-2022-2087 | 1 Bank Management System Project | 1 Bank Management System | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability, which was classified as problematic, was found in SourceCodester Bank Management System 1.0. This affects the file /mnotice.php?id=2. The manipulation of the argument notice with the input `<script>alert(1)</script>` leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-2072 | 1 Name Directory Project | 1 Name Directory | 2024-11-21 | N/A | 6.1 MEDIUM |
| The Name Directory WordPress plugin before 1.25.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS as well. | |||||
| CVE-2022-2066 | 1 Facturascripts | 1 Facturascripts | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.06. | |||||
| CVE-2022-2065 | 1 Facturascripts | 1 Facturascripts | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06. | |||||
| CVE-2022-2060 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0. | |||||
| CVE-2022-2059 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 3.5 LOW |
| In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system. | |||||
| CVE-2022-2050 | 1 Maxfoundry | 1 Wp-paginate | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The WP-Paginate WordPress plugin before 2.1.9 does not escape one of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed. | |||||
| CVE-2022-2036 | 1 Rosariosis | 1 Rosariosis | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. | |||||
| CVE-2022-2035 | 1 Ltgplc | 1 Rustici Software Scorm Engine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. The issue exists because there are no limitations on the domain or format of the url supplied by the user, allowing an attacker to craft malicious urls which can trigger a reflected XSS payload in the context of a victim's browser. | |||||
| CVE-2022-2032 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 3.5 LOW |
| In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system. | |||||
| CVE-2022-2029 | 1 Kromit | 1 Titra | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0. | |||||
| CVE-2022-2028 | 1 Kromit | 1 Titra | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0. | |||||
| CVE-2022-2026 | 1 Kromit | 1 Titra | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0. | |||||
| CVE-2022-2020 | 1 Prison Management System Project | 1 Prison Management System | 2024-11-21 | 3.5 LOW | 2.4 LOW |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input `<img src="" onerror="alert(1)">` leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
