Export limit exceeded: 349498 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45824 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45824 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2299 | 1 Allow Svg Files Project | 1 Allow Svg Files | 2024-11-21 | 5.4 Medium |
| The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads | ||||
| CVE-2022-2280 | 1 Microweber | 1 Microweber | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. | ||||
| CVE-2022-2278 | 1 Fifu | 1 Featured Image From Url | 2024-11-21 | 4.8 Medium |
| The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not validate, sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2271 | 1 Wpseeds | 1 Wp Database Backup | 2024-11-21 | 4.8 Medium |
| The WP Database Backup WordPress plugin before 5.9 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2256 | 1 Redhat | 2 Red Hat Single Sign On, Single Sign-on | 2024-11-21 | 3.8 Low |
| A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality. | ||||
| CVE-2022-2235 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.7 High |
| Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link | ||||
| CVE-2022-2230 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.1 High |
| A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf. | ||||
| CVE-2022-2219 | 1 Brizy | 1 Unyson | 2024-11-21 | 7.2 High |
| The Unyson WordPress plugin before 2.7.27 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-2218 | 1 Parse-url Project | 1 Parse-url | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0. | ||||
| CVE-2022-2217 | 1 Parse-url Project | 1 Parse-url | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0. | ||||
| CVE-2022-2215 | 1 Givewp | 1 Givewp | 2024-11-21 | 4.8 Medium |
| The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2194 | 1 Tipsandtricks-hq | 1 Accept Stripe | 2024-11-21 | 4.8 Medium |
| The Accept Stripe Payments WordPress plugin before 2.0.64 does not sanitize and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-2189 | 1 Tipsandtricks-hq | 1 Wp Video Lightbox | 2024-11-21 | 6.1 Medium |
| The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | ||||
| CVE-2022-2187 | 1 Contact Form 7 Captcha Project | 1 Contact Form 7 Captcha | 2024-11-21 | 6.1 Medium |
| The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | ||||
| CVE-2022-2186 | 1 Bracketspace | 1 Simple Post Notes | 2024-11-21 | 4.8 Medium |
| The Simple Post Notes WordPress plugin before 1.7.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-2181 | 1 Sigmaplugin | 1 Advanced Wordpress Reset | 2024-11-21 | 6.1 Medium |
| The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting | ||||
| CVE-2022-2174 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18. | ||||
| CVE-2022-2173 | 1 Sigmaplugin | 1 Advanced Database Cleaner | 2024-11-21 | 6.1 Medium |
| The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting | ||||
| CVE-2022-2170 | 1 Microsoft | 1 Microsoft Advertising Universal Event Tracking | 2024-11-21 | 4.8 Medium |
| The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage. | ||||
| CVE-2022-2169 | 1 Dwbooster | 1 Loading Page With Loading Screen | 2024-11-21 | 4.8 Medium |
| The Loading Page with Loading Screen WordPress plugin before 1.0.83 does not escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||