Total
37663 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0893 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | |||||
| CVE-2022-0892 | 1 Atlasgondal | 1 Export All Urls | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0889 | 1 Ninjaforms | 1 Ninja Forms File Uploads | 2024-11-21 | 4.3 MEDIUM | 7.2 HIGH |
| The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the ~/includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web scripts to vulnerable WordPress sites, in versions up to and including 3.3.12. | |||||
| CVE-2022-0884 | 1 Cozmoslabs | 1 Profile Builder | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2022-0880 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2. | |||||
| CVE-2022-0879 | 1 Calderaforms | 1 Caldera Forms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0877 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3. | |||||
| CVE-2022-0876 | 1 Wpdevart | 1 Social Comments | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2022-0874 | 1 Wp-experts | 1 Wp Social Buttons | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The WP Social Buttons WordPress plugin through 2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2022-0873 | 1 Codeasily | 1 Gmedia Gallery | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed | |||||
| CVE-2022-0864 | 1 Updraftplus | 1 Updraftplus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2022-0858 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in. | |||||
| CVE-2022-0857 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in. | |||||
| CVE-2022-0840 | 1 Cybernetikz | 1 Easy Social Icons | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfiltered_html capability is disallowed. | |||||
| CVE-2022-0838 | 1 Hestiacp | 1 Control Panel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. | |||||
| CVE-2022-0834 | 1 Wpamelia | 1 Amelia | 2024-11-21 | 3.5 LOW | 7.2 HIGH |
| The Amelia WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the lastName parameter found in the ~/src/Application/Controller/User/Customer/AddCustomerController.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user accesses the booking calendar with the date the attacker has injected the malicious payload into. This affects versions up to and including 1.0.46. | |||||
| CVE-2022-0832 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. | |||||
| CVE-2022-0831 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. | |||||
| CVE-2022-0822 | 1 Orchardcore | 1 Orchardcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0. | |||||
| CVE-2022-0820 | 1 Orchardcore | 1 Orchardcore | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0. | |||||