Search Results (45780 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0874 | 1 Wp-experts | 1 Wp Social Buttons | 2024-11-21 | 4.8 Medium |
| The WP Social Buttons WordPress plugin through 2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-0873 | 1 Codeasily | 1 Gmedia Gallery | 2024-11-21 | 4.8 Medium |
| The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed. | ||||
| CVE-2022-0864 | 1 Updraftplus | 1 Updraftplus | 2024-11-21 | 6.1 Medium |
| The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2022-0857 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 5.4 Medium |
| A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in. | ||||
| CVE-2022-0840 | 1 Cybernetikz | 1 Easy Social Icons | 2024-11-21 | 4.8 Medium |
| The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-0838 | 1 Hestiacp | 1 Control Panel | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. | ||||
| CVE-2022-0832 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. | ||||
| CVE-2022-0831 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. | ||||
| CVE-2022-0822 | 1 Orchardcore | 1 Orchardcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0. | ||||
| CVE-2022-0820 | 1 Orchardcore | 1 Orchardcore | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0. | ||||
| CVE-2022-0818 | 1 Yithemes | 1 Woocommerce Affiliate | 2024-11-21 | 6.1 Medium |
| The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin. | ||||
| CVE-2022-0801 | 1 Google | 1 Chrome | 2024-11-21 | 6.1 Medium |
| Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium) | ||||
| CVE-2022-0780 | 1 Searchiq | 1 Searchiq | 2024-11-21 | 6.1 Medium |
| The SearchIQ WordPress plugin before 3.9 contains a flag to disable the verification of CSRF nonces, granting unauthenticated attackers access to the siq_ajax AJAX action and allowing them to perform Cross-Site Scripting attacks due to the lack of sanitisation and escaping in the customCss parameter. | ||||
| CVE-2022-0776 | 1 Revealjs | 1 Reveal.js | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0. | ||||
| CVE-2022-0772 | 1 Librenms | 1 Librenms | 2024-11-21 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.2.2. | ||||
| CVE-2022-0765 | 1 Loco Translate Project | 1 Loco Translate | 2024-11-21 | 5.4 Medium |
| The Loco Translate WordPress plugin before 2.6.1 does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, allowing any user with access to the plugin (Translator and Administrator by default) to add arbitrary javascript payloads to the source strings leading to a stored cross-site scripting (XSS) vulnerability. | ||||
| CVE-2022-0763 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3. | ||||
| CVE-2022-0758 | 1 Rapid7 | 1 Nexpose | 2024-11-21 | 3.3 Low |
| Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, providing the opportunity for a potential XSS attack. This issue is fixed in Rapid7 Nexpose version 6.6.130. | ||||
| CVE-2022-0753 | 1 Hestiacp | 1 Control Panel | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9. | ||||
| CVE-2022-0752 | 1 Hestiacp | 1 Control Panel | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. | ||||