Export limit exceeded: 348229 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45721 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0321 | 1 Ohiowebtech | 1 Wp Voting Contest | 2024-11-21 | 6.1 Medium |
| The WP Voting Contest WordPress plugin before 3.0 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue | ||||
| CVE-2022-0314 | 1 Presscustomizr | 1 Nimble Page Builder | 2024-11-21 | 6.1 Medium |
| The Nimble Page Builder WordPress plugin before 3.2.2 does not sanitise and escape the preview-level-guid parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-0288 | 2 Ad Inserter Pro Project, Ad Inserter Project | 2 Ad Inserter Pro, Ad Inserter | 2024-11-21 | 6.1 Medium |
| The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-0285 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9. | ||||
| CVE-2022-0278 | 1 Microweber | 1 Microweber | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. | ||||
| CVE-2022-0274 | 1 Orchardcore | 1 Orchardcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2. | ||||
| CVE-2022-0271 | 1 Thimpress | 1 Learnpress | 2024-11-21 | 6.1 Medium |
| The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-0268 | 1 Getgrav | 1 Grav | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28. | ||||
| CVE-2022-0262 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7. | ||||
| CVE-2022-0260 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7. | ||||
| CVE-2022-0257 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2022-0256 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2022-0253 | 1 Livehelperchat | 1 Livehelperchat | 2024-11-21 | 5.4 Medium |
| livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2022-0252 | 1 Givewp | 1 Givewp | 2024-11-21 | 6.1 Medium |
| The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-0251 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.10. | ||||
| CVE-2022-0250 | 1 Redirection-for-contact-form7 | 1 Redirection For Contact Form 7 | 2024-11-21 | 6.1 Medium |
| The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-0248 | 1 Contact Form Submissions Project | 1 Contact Form Submissions | 2024-11-21 | 6.1 Medium |
| The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission | ||||
| CVE-2022-0243 | 1 Orchardcore | 1 Orchardcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2. | ||||
| CVE-2022-0234 | 1 Pluginus | 1 Woocs | 2024-11-21 | 6.1 Medium |
| The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-0230 | 1 Bwp-google-xml-sitemaps Project | 1 Bwp-google-xml-sitemaps | 2024-11-21 | 6.1 Medium |
| The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins | ||||