Search Results (45871 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3211 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6. | ||||
| CVE-2022-3209 | 1 Pencidesign | 1 Soledad | 2024-11-21 | 6.1 Medium |
| The soledad WordPress theme before 8.2.5 does not sanitise the {id,datafilter[type],...} parameters in its penci_more_slist_post_ajax AJAX action, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2022-3207 | 1 Simplefilelist | 1 Simple-file-list | 2024-11-21 | 4.8 Medium |
| The Simple File List WordPress plugin before 4.4.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-3205 | 1 Redhat | 1 Ansible Automation Platform | 2024-11-21 | 4.6 Medium |
| Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection | ||||
| CVE-2022-3148 | 1 Diagrams | 1 Drawio | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0. | ||||
| CVE-2022-3138 | 1 Diagrams | 1 Drawio | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0. | ||||
| CVE-2022-3137 | 1 Taskbuilder | 1 Taskbuilder | 2024-11-21 | 5.4 Medium |
| The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user (such as subscriber) creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file | ||||
| CVE-2022-3136 | 1 Wpsocialrocket | 1 Social Rocket | 2024-11-21 | 4.8 Medium |
| The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-3132 | 1 Goolytics Project | 1 Goolytics | 2024-11-21 | 4.8 Medium |
| The Goolytics WordPress plugin before 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-3128 | 1 Donation Thermometer Project | 1 Donation Thermometer | 2024-11-21 | 4.8 Medium |
| The Donation Thermometer WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-3127 | 1 Diagrams | 1 Drawio | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.2.8. | ||||
| CVE-2022-3123 | 2 Dokuwiki, Fedoraproject | 2 Dokuwiki, Fedora | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a. | ||||
| CVE-2022-3072 | 1 Rosariosis | 1 Rosariosis | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3. | ||||
| CVE-2022-3036 | 1 Gettext Override Translations Project | 1 Gettext Override Translations | 2024-11-21 | 4.8 Medium |
| The Gettext override translations WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-3035 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11. | ||||
| CVE-2022-3021 | 1 Diywebmastery | 1 Slickr Flickr | 2024-11-21 | 4.8 Medium |
| The Slickr Flickr WordPress plugin through 2.8.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-3002 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | ||||
| CVE-2022-39988 | 1 Centreon | 1 Centreon | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the Service>Templates service_alias parameter. | ||||
| CVE-2022-39950 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | 8 High |
| An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4. Report templates may allow a low privilege level attacker to perform an XSS attack via posting a crafted CKeditor "protected" comment as described in CVE-2020-9281. | ||||
| CVE-2022-39840 | 1 Cotonti | 1 Cotonti Siena | 2024-11-21 | 4.8 Medium |
| Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message (DM). | ||||