Search Results (45776 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2218 | 1 Parse-url Project | 1 Parse-url | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0. | ||||
| CVE-2022-2217 | 1 Parse-url Project | 1 Parse-url | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0. | ||||
| CVE-2022-2215 | 1 Givewp | 1 Givewp | 2024-11-21 | 4.8 Medium |
| The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2194 | 1 Tipsandtricks-hq | 1 Accept Stripe | 2024-11-21 | 4.8 Medium |
| The Accept Stripe Payments WordPress plugin before 2.0.64 does not sanitize and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-2189 | 1 Tipsandtricks-hq | 1 Wp Video Lightbox | 2024-11-21 | 6.1 Medium |
| The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | ||||
| CVE-2022-2187 | 1 Contact Form 7 Captcha Project | 1 Contact Form 7 Captcha | 2024-11-21 | 6.1 Medium |
| The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | ||||
| CVE-2022-2186 | 1 Bracketspace | 1 Simple Post Notes | 2024-11-21 | 4.8 Medium |
| The Simple Post Notes WordPress plugin before 1.7.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-2181 | 1 Sigmaplugin | 1 Advanced Wordpress Reset | 2024-11-21 | 6.1 Medium |
| The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting | ||||
| CVE-2022-2174 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18. | ||||
| CVE-2022-2173 | 1 Sigmaplugin | 1 Advanced Database Cleaner | 2024-11-21 | 6.1 Medium |
| The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting | ||||
| CVE-2022-2170 | 1 Microsoft | 1 Microsoft Advertising Universal Event Tracking | 2024-11-21 | 4.8 Medium |
| The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage. | ||||
| CVE-2022-2169 | 1 Dwbooster | 1 Loading Page With Loading Screen | 2024-11-21 | 4.8 Medium |
| The Loading Page with Loading Screen WordPress plugin before 1.0.83 does not escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-2152 | 1 Duplicate Page And Post Project | 1 Duplicate Page And Post | 2024-11-21 | 4.8 Medium |
| The Duplicate Page and Post WordPress plugin before 2.8 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-2151 | 1 Emarketdesign | 1 Best Contact Management Software | 2024-11-21 | 4.8 Medium |
| The Best Contact Management Software WordPress plugin through 3.7.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-2149 | 1 Very Simple Breadcrumb Project | 1 Very Simple Breadcrumb | 2024-11-21 | 4.8 Medium |
| The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-2148 | 1 Linkedin Company Updates Project | 1 Linkedin Company Updates | 2024-11-21 | 4.8 Medium |
| The LinkedIn Company Updates WordPress plugin through 1.5.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-2132 | 4 Debian, Dpdk, Fedoraproject and 1 more | 15 Debian Linux, Data Plane Development Kit, Fedora and 12 more | 2024-11-21 | 8.6 High |
| A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK. | ||||
| CVE-2022-2130 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17. | ||||
| CVE-2022-2118 | 1 Tooltulips | 1 404s | 2024-11-21 | 4.8 Medium |
| The 404s WordPress plugin before 3.5.1 does not sanitise and escape its fields, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-2116 | 1 Webacetechs | 1 Contact Form Db - Elementor | 2024-11-21 | 6.1 Medium |
| The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting | ||||