Total
37663 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0282 | 1 Microweber | 1 Microweber | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| Cross-site Scripting in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-0278 | 1 Microweber | 1 Microweber | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-0274 | 1 Orchardcore | 1 Orchardcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2. | |||||
| CVE-2022-0271 | 1 Thimpress | 1 Learnpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0268 | 1 Getgrav | 1 Grav | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28. | |||||
| CVE-2022-0262 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7. | |||||
| CVE-2022-0260 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7. | |||||
| CVE-2022-0257 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2022-0256 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2022-0253 | 1 Livehelperchat | 1 Livehelperchat | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2022-0252 | 1 Givewp | 1 Givewp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0251 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.10. | |||||
| CVE-2022-0250 | 1 Redirection-for-contact-form7 | 1 Redirection For Contact Form 7 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0248 | 1 Contact Form Submissions Project | 1 Contact Form Submissions | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission | |||||
| CVE-2022-0243 | 1 Orchardcore | 1 Orchardcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2. | |||||
| CVE-2022-0234 | 1 Pluginus | 1 Woocs | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0233 | 1 Metagauss | 1 Profilegrid | 2024-11-21 | 3.5 LOW | 6.4 MEDIUM |
| The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pm_user_avatar and pm_cover_image parameters found in the ~/admin/class-profile-magic-admin.php file which allows attackers with authenticated user access, such as subscribers, to inject arbitrary web scripts into their profile, in versions up to and including 1.2.7. | |||||
| CVE-2022-0232 | 1 Metagauss | 1 Leadmagic | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The User Registration, Login & Landing Pages WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the loader_text parameter found in the ~/includes/templates/landing-page.php file which allows attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.2.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | |||||
| CVE-2022-0230 | 1 Bwp-google-xml-sitemaps Project | 1 Bwp-google-xml-sitemaps | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins | |||||
| CVE-2022-0225 | 1 Redhat | 2 Keycloak, Single Sign-on | 2024-11-21 | N/A | 5.4 MEDIUM |
| A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack. | |||||