Export limit exceeded: 349498 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349498 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45824 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45824 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2523 | 1 Fava Project | 1 Fava | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2. | ||||
| CVE-2022-2514 | 1 Fava Project | 1 Fava | 2024-11-21 | 6.1 Medium |
| The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim. | ||||
| CVE-2022-2511 | 1 Hallowelt | 1 Bluespice | 2024-11-21 | 4.3 Medium |
| Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" component of BlueSpice allows an attacker to inject arbitrary HTML into a page using the title parameter of the call URL. | ||||
| CVE-2022-2510 | 1 Hallowelt | 1 Bluespice | 2024-11-21 | 4.3 Medium |
| Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" of Hallo Welt! GmbH BlueSpice allows attacker to inject arbitrary HTML (XSS) on page "Special:SearchCenter", using the search term in the URL. | ||||
| CVE-2022-2500 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.4 Medium |
| A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side. | ||||
| CVE-2022-2495 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21. | ||||
| CVE-2022-2494 | 1 Open-emr | 1 Openemr | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0. | ||||
| CVE-2022-2470 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21. | ||||
| CVE-2022-2448 | 1 Resmush.it | 1 Resmush.it Image Optimizer | 2024-11-21 | 4.8 Medium |
| The reSmush.it WordPress plugin before 0.4.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed. | ||||
| CVE-2022-2426 | 1 Thinkific | 1 Thinkific Uploader | 2024-11-21 | 4.8 Medium |
| The Thinkific Uploader WordPress plugin through 1.0.0 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against other administrators. | ||||
| CVE-2022-2425 | 1 Wp Ds Blog Map Project | 1 Wp Ds Blog Map | 2024-11-21 | 4.8 Medium |
| The WP DS Blog Map WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2424 | 1 Google Maps Anywhere Project | 1 Google Maps Anywhere | 2024-11-21 | 4.8 Medium |
| The Google Maps Anywhere WordPress plugin through 1.2.6.3 does not sanitise and escape any of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2423 | 1 Designwall | 1 Dw Promobar | 2024-11-21 | 4.8 Medium |
| The DW Promobar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2412 | 1 Better Tag Cloud Project | 1 Better Tag Cloud | 2024-11-21 | 4.8 Medium |
| The Better Tag Cloud WordPress plugin through 0.99.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2411 | 1 Auto More Tag Project | 1 Auto More Tag | 2024-11-21 | 4.8 Medium |
| The Auto More Tag WordPress plugin through 4.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2410 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2024-11-21 | 4.8 Medium |
| The mTouch Quiz WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2409 | 1 Rough Chart Project | 1 Rough Chart | 2024-11-21 | 4.8 Medium |
| The Rough Chart WordPress plugin through 1.0.0 does not properly escape chart data label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-2407 | 1 Puvox | 1 Wp Phpmyadmin | 2024-11-21 | 4.8 Medium |
| The WP phpMyAdmin WordPress plugin before 5.2.0.4 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2398 | 1 Najeebmedia | 1 Wordpress Comments Fields | 2024-11-21 | 4.8 Medium |
| The WordPress Comments Fields WordPress plugin before 4.1 does not escape Field Error Message, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2022-2395 | 1 Weformspro | 1 Weforms | 2024-11-21 | 4.8 Medium |
| The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||