Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25613 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-11-21 | 3.5 LOW | 4.1 MEDIUM |
| Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter. | |||||
| CVE-2022-25612 | 1 Presstigers | 1 Simple Event Planner | 2024-11-21 | 3.5 LOW | 4.1 MEDIUM |
| Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact]. | |||||
| CVE-2022-25611 | 1 Presstigers | 1 Simple Event Planner | 2024-11-21 | 3.5 LOW | 4.1 MEDIUM |
| Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][]. | |||||
| CVE-2022-25610 | 1 Plugin-planet | 1 Simple Ajax Chat | 2024-11-21 | 4.3 MEDIUM | 3.4 LOW |
| Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit. | |||||
| CVE-2022-25609 | 1 Yooslider | 1 Yoo Slider | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored Cross-Site Scripting (XSS) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers with contributor or higher user role to inject the malicious code. | |||||
| CVE-2022-25606 | 1 Wp-downloadmanager Project | 1 Wp-downloadmanager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url, &download_categories. | |||||
| CVE-2022-25605 | 1 Wp-downloadmanager Project | 1 Wp-downloadmanager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vvulnerable parameters &download_path, &download_path_url, &download_page_url. | |||||
| CVE-2022-25604 | 1 Price Table Project | 1 Price Table | 2024-11-21 | 3.5 LOW | 4.1 MEDIUM |
| Authenticated (contributor of higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2). | |||||
| CVE-2022-25603 | 1 Maxfoundry | 1 Maxgalleria | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5). | |||||
| CVE-2022-25601 | 2 Fedoraproject, Plugin-planet | 2 Fedora, Contact Form X | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
| Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). | |||||
| CVE-2022-25585 | 1 Unioncms Project | 1 Unioncms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Unioncms v1.0.13 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Default settings. | |||||
| CVE-2022-25582 | 1 Classcms Project | 1 Classcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field. | |||||
| CVE-2022-25575 | 1 Hongmen | 1 Parking Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Parking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, password, and verification code text boxes. | |||||
| CVE-2022-25574 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file. | |||||
| CVE-2022-25507 | 1 Freetakserver-ui Project | 1 Freetakserver-ui | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter. | |||||
| CVE-2022-25493 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php. | |||||
| CVE-2022-25489 | 1 Thedigitalcraft | 1 Atomcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php. | |||||
| CVE-2022-25464 | 1 Html-js | 1 Doracms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2022-25413 | 1 Max-3000 | 1 Maxsite Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Maxsite CMS v108 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_tags at /admin/page_edit/3. | |||||
| CVE-2022-25410 | 1 Max-3000 | 1 Maxsite Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Maxsite CMS v180 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_file_description at /admin/files. | |||||