Export limit exceeded: 45776 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45776 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2115 | 1 Essentialplugin | 1 Popup Anything | 2024-11-21 | 6.1 Medium |
| The Popup Anything WordPress plugin before 2.1.7 does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-2114 | 1 Supsystic | 1 Data Tables Generator | 2024-11-21 | 4.8 Medium |
| The Data Tables Generator by Supsystic WordPress plugin before 1.10.20 does not sanitise and escape some of its Table settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2113 | 1 Inventree Project | 1 Inventree | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.7.2. | ||||
| CVE-2022-2100 | 1 Wpzinc | 1 Page Generator | 2024-11-21 | 4.8 Medium |
| The Page Generator WordPress plugin before 1.6.5 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-2093 | 1 Ninjateam | 1 Wp Duplicate Page | 2024-11-21 | 4.8 Medium |
| The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | ||||
| CVE-2022-2092 | 1 Wpovernight | 1 Woocommerce Pdf Invoices\& Packing Slips | 2024-11-21 | 6.1 Medium |
| The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks. | ||||
| CVE-2022-2090 | 1 Flycart | 1 Discount Rules For Woocommerce | 2024-11-21 | 6.1 Medium |
| The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting | ||||
| CVE-2022-2089 | 1 Bold-themes | 1 Bold Page Builder | 2024-11-21 | 4.8 Medium |
| The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | ||||
| CVE-2022-2072 | 1 Name Directory Project | 1 Name Directory | 2024-11-21 | 6.1 Medium |
| The Name Directory WordPress plugin before 1.25.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS as well | ||||
| CVE-2022-2066 | 1 Facturascripts | 1 Facturascripts | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.06. | ||||
| CVE-2022-2065 | 1 Facturascripts | 1 Facturascripts | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06. | ||||
| CVE-2022-2060 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0. | ||||
| CVE-2022-2059 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 3.5 Low |
| In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system. | ||||
| CVE-2022-2050 | 1 Maxfoundry | 1 Wp-paginate | 2024-11-21 | 4.8 Medium |
| The WP-Paginate WordPress plugin before 2.1.9 does not escape one of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed | ||||
| CVE-2022-2036 | 1 Rosariosis | 1 Rosariosis | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. | ||||
| CVE-2022-2035 | 1 Ltgplc | 1 Rustici Software Scorm Engine | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. The issue exists because there are no limitations on the domain or format of the url supplied by the user, allowing an attacker to craft malicious urls which can trigger a reflected XSS payload in the context of a victim's browser. | ||||
| CVE-2022-2032 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 3.5 Low |
| In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system. | ||||
| CVE-2022-2029 | 1 Kromit | 1 Titra | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0. | ||||
| CVE-2022-2028 | 1 Kromit | 1 Titra | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0. | ||||
| CVE-2022-2026 | 1 Kromit | 1 Titra | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0. | ||||