Export limit exceeded: 21880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349370 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45785 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0347 | 1 Wpbrigade | 1 Loginpress | 2024-11-21 | 6.1 Medium |
| The LoginPress | Custom Login Page Customizer WordPress plugin before 1.5.12 does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-0346 | 1 Xmlsitemapgenerator | 1 Xml Sitemap Generator | 2024-11-21 | 6.1 Medium |
| The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on. | ||||
| CVE-2022-0341 | 1 B3log | 1 Vditor | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12. | ||||
| CVE-2022-0327 | 1 Jeweltheme | 1 Master Addons For Elementor | 2024-11-21 | 6.1 Medium |
| The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the error_message parameter before outputting it back in the response of the jltma_restrict_content AJAX action, available to unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-0321 | 1 Ohiowebtech | 1 Wp Voting Contest | 2024-11-21 | 6.1 Medium |
| The WP Voting Contest WordPress plugin before 3.0 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue | ||||
| CVE-2022-0314 | 1 Presscustomizr | 1 Nimble Page Builder | 2024-11-21 | 6.1 Medium |
| The Nimble Page Builder WordPress plugin before 3.2.2 does not sanitise and escape the preview-level-guid parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-0288 | 2 Ad Inserter Pro Project, Ad Inserter Project | 2 Ad Inserter Pro, Ad Inserter | 2024-11-21 | 6.1 Medium |
| The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-0285 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9. | ||||
| CVE-2022-0278 | 1 Microweber | 1 Microweber | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. | ||||
| CVE-2022-0274 | 1 Orchardcore | 1 Orchardcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2. | ||||
| CVE-2022-0271 | 1 Thimpress | 1 Learnpress | 2024-11-21 | 6.1 Medium |
| The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-0268 | 1 Getgrav | 1 Grav | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28. | ||||
| CVE-2022-0262 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7. | ||||
| CVE-2022-0260 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7. | ||||
| CVE-2022-0257 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2022-0256 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2022-0253 | 1 Livehelperchat | 1 Livehelperchat | 2024-11-21 | 5.4 Medium |
| livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2022-0252 | 1 Givewp | 1 Givewp | 2024-11-21 | 6.1 Medium |
| The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-0251 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.10. | ||||
| CVE-2022-0250 | 1 Redirection-for-contact-form7 | 1 Redirection For Contact Form 7 | 2024-11-21 | 6.1 Medium |
| The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting | ||||