Total
37663 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0558 | 1 Microweber | 1 Microweber | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-0542 | 1 Chatwoot | 1 Chatwoot | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.7.0. | |||||
| CVE-2022-0539 | 1 Beanstalk Console Project | 1 Beanstalk Console | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_console prior to 1.7.14. | |||||
| CVE-2022-0535 | 1 E2pdf | 1 E2pdf | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-0533 | 1 Metaphorcreations | 1 Ditty | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2022-0531 | 1 Wpvivid | 1 Migration\, Backup\, Staging | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the sub_page parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting | |||||
| CVE-2022-0527 | 1 Chatwoot | 1 Chatwoot | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0. | |||||
| CVE-2022-0526 | 1 Chatwoot | 1 Chatwoot | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0. | |||||
| CVE-2022-0510 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1. | |||||
| CVE-2022-0509 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.3.1. | |||||
| CVE-2022-0506 | 1 Microweber | 1 Microweber | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-0503 | 1 Obtaininfotech | 1 Multisite Content Copier\/updater | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.2 does not sanitise and escape the s parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in the network dashboard | |||||
| CVE-2022-0502 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. | |||||
| CVE-2022-0501 | 1 Beanstalk Console Project | 1 Beanstalk Console | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/beanstalk_console prior to 1.7.12. | |||||
| CVE-2022-0475 | 1 Otrs | 1 Otrs | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| Malicious translator is able to inject JavaScript code in few translatable strings (where HTML is allowed). The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions. | |||||
| CVE-2022-0473 | 1 Otrs | 1 Otrs | 2024-11-21 | 3.5 LOW | 3.8 LOW |
| OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be exectued in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions. | |||||
| CVE-2022-0472 | 1 Laracom Project | 1 Laracom | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/laracom prior to v2.0.9. | |||||
| CVE-2022-0471 | 1 Realfavicongenerator | 1 Favicon By Realfavicongenerator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Favicon by RealFaviconGenerator WordPress plugin before 1.3.23 does not properly sanitise and escape the json_result_url parameter before outputting it back in the Favicon admin dashboard, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2022-0449 | 1 Odude | 1 Flexi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Flexi WordPress plugin before 4.20 does not sanitise and escape various parameters before outputting them back in some pages such as the user dashboard, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0448 | 1 Dwbooster | 1 Cp Blocks | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its "License ID" settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. | |||||