Total: 44255 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0906 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.8 Medium |
| Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12. | ||||
| CVE-2022-0901 | 1 Ad Inserter Project | 1 Ad Inserter | 2024-11-21 | 6.1 Medium |
| The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters | ||||
| CVE-2022-0899 | 1 Draftpress | 1 Header Footer Code Manager | 2024-11-21 | 6.1 Medium |
| The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0898 | 1 Getigniteup | 1 Igniteup | 2024-11-21 | 5.4 Medium |
| The IgniteUp WordPress plugin through 3.4.1 does not sanitise and escape some fields when high privilege users don't have the unfiltered_html capability, which could lead to Stored Cross-Site Scripting issues | ||||
| CVE-2022-0894 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | ||||
| CVE-2022-0893 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | ||||
| CVE-2022-0892 | 1 Atlasgondal | 1 Export All Urls | 2024-11-21 | 6.1 Medium |
| The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-0884 | 1 Cozmoslabs | 1 Profile Builder | 2024-11-21 | 4.8 Medium |
| The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2022-0880 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2. | ||||
| CVE-2022-0879 | 1 Calderaforms | 1 Caldera Forms | 2024-11-21 | 6.1 Medium |
| The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-0877 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3. | ||||
| CVE-2022-0876 | 1 Wpdevart | 1 Social Comments | 2024-11-21 | 4.8 Medium |
| The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2022-0874 | 1 Wp-experts | 1 Wp Social Buttons | 2024-11-21 | 4.8 Medium |
| The WP Social Buttons WordPress plugin through 2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-0873 | 1 Codeasily | 1 Gmedia Gallery | 2024-11-21 | 4.8 Medium |
| The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed | ||||
| CVE-2022-0864 | 1 Updraftplus | 1 Updraftplus | 2024-11-21 | 6.1 Medium |
| The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2022-0857 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 5.4 Medium |
| A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in. | ||||
| CVE-2022-0840 | 1 Cybernetikz | 1 Easy Social Icons | 2024-11-21 | 4.8 Medium |
| The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-0838 | 1 Hestiacp | 1 Control Panel | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. | ||||
| CVE-2022-0832 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. | ||||
| CVE-2022-0831 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. | ||||