Total
37663 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0379 | 1 Microweber | 1 Microweber | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-0378 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-0376 | 1 User-meta | 1 User Meta User Profile Builder And User Management | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2022-0375 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. | |||||
| CVE-2022-0374 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. | |||||
| CVE-2022-0372 | 1 Craterapp | 1 Crater | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2. | |||||
| CVE-2022-0370 | 1 Livehelperchat | 1 Livehelperchat | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. | |||||
| CVE-2022-0364 | 1 Webnus | 1 Modern Events Calendar Lite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2022-0360 | 1 Smackcoders | 1 Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escaped imported comments, which could allow high privilege users to import malicious ones (either intentionnaly or not) and lead to Stored Cross-Site Scripting issues | |||||
| CVE-2022-0352 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16. | |||||
| CVE-2022-0350 | 1 B3log | 1 Vditor | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13. | |||||
| CVE-2022-0348 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2. | |||||
| CVE-2022-0347 | 1 Wpbrigade | 1 Loginpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The LoginPress | Custom Login Page Customizer WordPress plugin before 1.5.12 does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0346 | 1 Xmlsitemapgenerator | 1 Xml Sitemap Generator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on. | |||||
| CVE-2022-0341 | 1 B3log | 1 Vditor | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12. | |||||
| CVE-2022-0327 | 1 Jeweltheme | 1 Master Addons For Elementor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the error_message parameter before outputting it back in the response of the jltma_restrict_content AJAX action, available to unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0321 | 1 Ohiowebtech | 1 Wp Voting Contest | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP Voting Contest WordPress plugin before 3.0 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2022-0314 | 1 Presscustomizr | 1 Nimble Page Builder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Nimble Page Builder WordPress plugin before 3.2.2 does not sanitise and escape the preview-level-guid parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0288 | 2 Ad Inserter Pro Project, Ad Inserter Project | 2 Ad Inserter Pro, Ad Inserter | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0285 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9. | |||||