Total
37665 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1088 | 1 Contextureintl | 1 Page Security \& Membership | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Page Security & Membership WordPress plugin through 1.5.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-1087 | 1 Htmly | 1 Htmly | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in htmly 5.3 whis affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires an authentication. A simple POC has been disclosed to the public and may be used. | |||||
| CVE-2022-1086 | 1 Dolphinphp Project | 1 Dolphinphp | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability was found in DolphinPHP up to 1.5.0 and classified as problematic. Affected by this issue is the User Management Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-1085 | 1 Cltphp | 1 Cltphp | 2024-11-21 | 4.3 MEDIUM | 3.5 LOW |
| A vulnerability was found in CLTPHP up to 6.0. It has been declared as problematic. Affected by this vulnerability is the POST Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-1081 | 1 Microfinance Management System Project | 1 Microfinance Management System | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in SourceCodester Microfinance Management System 1.0. It has been declared as problematic. This vulnerability affects the file /mims/app/addcustomerHandler.php. The manipulation of the argument first_name, middle_name, and surname leads to cross site scripting. The attack can be initiated remotely. | |||||
| CVE-2022-1079 | 1 One Church Management System Project | 1 One Church Management System | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic has been found in SourceCodester One Church Management System. Affected are multiple files and parameters which are prone to to cross site scripting. It is possible to launch the attack remotely. | |||||
| CVE-2022-1076 | 1 Automatic Question Paper Generator System Project | 1 Automatic Question Paper Generator System | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in Automatic Question Paper Generator System 1.0. It has been classified as problematic. This affects the file /aqpg/users/login.php of the component My Account Page. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely. | |||||
| CVE-2022-1075 | 1 College Website Management System Project | 1 College Website Management System | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability was found in College Website Management System 1.0 and classified as problematic. Affected by this issue is the file /cwms/classes/Master.php?f=save_contact of the component Contact Handler. The manipulation leads to persistent cross site scripting. The attack may be launched remotely and requires authentication. | |||||
| CVE-2022-1074 | 1 Tem | 2 Flex-1085, Flex-1085 Firmware | 2024-11-21 | 3.5 LOW | 4.3 MEDIUM |
| A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Using the input <h1>HTML Injection</h1> in the WiFi settings of the dashboard leads to html injection. | |||||
| CVE-2022-1063 | 1 Thank Me Later Project | 1 Thank Me Later | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Thank Me Later WordPress plugin through 3.3.4 does not sanitise and escape the Message Subject field before outputting it in the Messages list, which could allow high privileges users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-1062 | 1 Th23 | 1 Th23 Social | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The th23 Social WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-1051 | 1 2code | 1 Wpqa Builder | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not sanitise and escape the city, phone or profile credentials fields when outputting it in the profile page, allowing any authenticated user to perform Cross-Site Scripting attacks. | |||||
| CVE-2022-1047 | 1 Themify | 1 Post Type Builder Search Addon | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability. | |||||
| CVE-2022-1046 | 1 Vfbpro | 1 Visual Form Builder | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form's 'Email to' field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-1029 | 1 Miniorange | 1 Limit Login Attempts | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup) | |||||
| CVE-2022-1028 | 1 Miniorange | 1 Wordpress Security | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup) | |||||
| CVE-2022-1027 | 1 Minioragne | 1 Page Restriction | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allows bad actors with administrator privileges to the settings page to inject Javascript code to its settings leading to stored Cross-Site Scripting that will only affect administrator users. | |||||
| CVE-2022-1022 | 1 Chatwoot | 1 Chatwoot | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.5.0. | |||||
| CVE-2022-1021 | 1 Chatwoot | 1 Chatwoot | 2024-11-21 | N/A | 5.4 MEDIUM |
| Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0. | |||||
| CVE-2022-1010 | 1 Miniorange | 1 Login Using Wordpress Users | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Login using WordPress Users ( WP as SAML IDP ) WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||