Search Results (45785 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1937 | 1 Awin | 1 Awin Data Feed | 2024-11-21 | 6.1 Medium |
| The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-1933 | 1 Collect And Deliver Interface For Woocommerce Project | 1 Collect And Deliver Interface For Woocommerce | 2024-11-21 | 6.1 Medium |
| The CDI WordPress plugin before 5.1.9 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-1932 | 1 Rezgo | 1 Rezgo Online Booking | 2024-11-21 | 6.1 Medium |
| The Rezgo Online Booking WordPress plugin before 4.1.8 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting, which can be exploited either via a LFI in an AJAX action, or direct call to the affected file | ||||
| CVE-2022-1928 | 1 Gitea | 1 Gitea | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9. | ||||
| CVE-2022-1916 | 1 Pluginus | 1 Woot | 2024-11-21 | 6.1 Medium |
| The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-1915 | 1 Wpreviewslider | 1 Wp Zillow Review Slider | 2024-11-21 | 4.8 Medium |
| The WP Zillow Review Slider WordPress plugin before 2.4 does not escape a setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite) | ||||
| CVE-2022-1910 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2024-11-21 | 6.1 Medium |
| The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-1909 | 1 Organizr | 1 Organizr | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200. | ||||
| CVE-2022-1906 | 1 Digiprove | 1 Copyright Proof | 2024-11-21 | 6.1 Medium |
| The Copyright Proof WordPress plugin through 4.16 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific setting is enabled. | ||||
| CVE-2022-1904 | 1 Fatcatapps | 1 Easy Pricing Tables | 2024-11-21 | 6.1 Medium |
| The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape a parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-1896 | 1 Underconstruction Project | 1 Underconstruction | 2024-11-21 | 4.8 Medium |
| The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-1894 | 1 Sygnoos | 1 Popup Builder | 2024-11-21 | 4.8 Medium |
| The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html is disallowed | ||||
| CVE-2022-1889 | 1 Thenewsletterplugin | 1 Newsletter | 2024-11-21 | 4.8 Medium |
| The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html is disallowed | ||||
| CVE-2022-1825 | 1 Collectiveaccess | 1 Providence | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository collectiveaccess/providence prior to 1.8. | ||||
| CVE-2022-1816 | 1 Phpgurukul | 1 Zoo Management System | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is `/zoo/admin/public_html/view_accounts?type=zookeeper` of the content module. The manipulation of the argument admin_name with the input `<script>alert(1)</script>` leads to an authenticated cross site scripting. Exploit details have been disclosed to the public. | ||||
| CVE-2022-1814 | 1 Wp Admin Style Project | 1 Wp Admin Style | 2024-11-21 | 4.8 Medium |
| The WP Admin Style WordPress plugin through 0.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed | ||||
| CVE-2022-1806 | 1 Rtx Project | 1 Rtx | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository rtxteam/rtx prior to checkpoint_2022-05-18. | ||||
| CVE-2022-1782 | 1 Erudika | 1 Para | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository erudika/para prior to v1.45.11. | ||||
| CVE-2022-1776 | 1 Icegram | 1 Popups, Welcome Bar, Optins And Lead Generation Plugin | 2024-11-21 | 5.4 Medium |
| The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.1.8 does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2022-1773 | 1 Wp Athletics Project | 1 Wp Athletics | 2024-11-21 | 6.1 Medium |
| The WP Athletics WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | ||||