Export limit exceeded: 45778 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45778 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0737 | 1 Text Hover Project | 1 Text Hover | 2024-11-21 | 4.8 Medium |
| The Text Hover WordPress plugin before 4.2 does not sanitize and escape the text to hover, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-0734 | 1 Zyxel | 64 Atp100, Atp100 Firmware, Atp100w and 61 more | 2024-11-21 | 5.8 Medium |
| A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script. | ||||
| CVE-2022-0728 | 1 Pootlepress | 1 Easy Smooth Scroll Links | 2024-11-21 | 4.8 Medium |
| The Easy Smooth Scroll Links WordPress plugin before 2.23.1 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2022-0723 | 1 Microweber | 1 Microweber | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11. | ||||
| CVE-2022-0719 | 1 Microweber | 1 Microweber | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3. | ||||
| CVE-2022-0705 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | ||||
| CVE-2022-0704 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | ||||
| CVE-2022-0703 | 1 Gd-mylist Project | 1 Gd-mylist | 2024-11-21 | 4.8 Medium |
| The GD Mylist WordPress plugin through 1.1.1 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2022-0702 | 1 Unboxinteractive | 1 Petfinder-listings | 2024-11-21 | 4.8 Medium |
| The Petfinder Listings WordPress plugin through 1.0.18 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2022-0701 | 1 Seo-301-meta Project | 1 Seo-301-meta | 2024-11-21 | 4.8 Medium |
| The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2022-0700 | 1 Chrsinteractive | 1 Simple Tracking | 2024-11-21 | 4.8 Medium |
| The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2022-0690 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. | ||||
| CVE-2022-0684 | 1 Wp Home Page Menu Project | 1 Wp Home Page Menu | 2024-11-21 | 4.8 Medium |
| The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2022-0680 | 1 Plezi | 1 Plezi | 2024-11-21 | 6.1 Medium |
| The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plz_configuration_tracker_enable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue | ||||
| CVE-2022-0678 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. | ||||
| CVE-2022-0674 | 1 Kunze-medien | 1 Kunze Law | 2024-11-21 | 4.8 Medium |
| The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2022-0663 | 1 Printfriendly | 1 Print\, Pdf\, Email By Printfriendly | 2024-11-21 | 4.8 Medium |
| The Print, PDF, Email by PrintFriendly WordPress plugin before 5.2.3 does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2022-0662 | 1 Ajdg | 1 Adrotate | 2024-11-21 | 4.8 Medium |
| The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2022-0659 | 1 Sync Qcloud Cos Project | 1 Sync Qcloud Cos | 2024-11-21 | 4.8 Medium |
| The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2022-0649 | 1 Ajdg | 1 Adrotate | 2024-11-21 | 4.8 Medium |
| The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||