Export limit exceeded: 45729 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45729 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0898 | 1 Getigniteup | 1 Igniteup | 2024-11-21 | 5.4 Medium |
| The IgniteUp WordPress plugin through 3.4.1 does not sanitise and escape some fields when high privilege users don't have the unfiltered_html capability, which could lead to Stored Cross-Site Scripting issues | ||||
| CVE-2022-0894 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | ||||
| CVE-2022-0893 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | ||||
| CVE-2022-0892 | 1 Atlasgondal | 1 Export All Urls | 2024-11-21 | 6.1 Medium |
| The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-0884 | 1 Cozmoslabs | 1 Profile Builder | 2024-11-21 | 4.8 Medium |
| The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2022-0880 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2. | ||||
| CVE-2022-0879 | 1 Calderaforms | 1 Caldera Forms | 2024-11-21 | 6.1 Medium |
| The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-0877 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3. | ||||
| CVE-2022-0876 | 1 Wpdevart | 1 Social Comments | 2024-11-21 | 4.8 Medium |
| The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2022-0874 | 1 Wp-experts | 1 Wp Social Buttons | 2024-11-21 | 4.8 Medium |
| The WP Social Buttons WordPress plugin through 2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-0873 | 1 Codeasily | 1 Gmedia Gallery | 2024-11-21 | 4.8 Medium |
| The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed | ||||
| CVE-2022-0864 | 1 Updraftplus | 1 Updraftplus | 2024-11-21 | 6.1 Medium |
| The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2022-0857 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 5.4 Medium |
| A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in. | ||||
| CVE-2022-0840 | 1 Cybernetikz | 1 Easy Social Icons | 2024-11-21 | 4.8 Medium |
| The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-0838 | 1 Hestiacp | 1 Control Panel | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. | ||||
| CVE-2022-0832 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. | ||||
| CVE-2022-0831 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. | ||||
| CVE-2022-0822 | 1 Orchardcore | 1 Orchardcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0. | ||||
| CVE-2022-0820 | 1 Orchardcore | 1 Orchardcore | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0. | ||||
| CVE-2022-0818 | 1 Yithemes | 1 Woocommerce Affiliate | 2024-11-21 | 6.1 Medium |
| The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin. | ||||