Export limit exceeded: 46898 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46898 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2149 | 1 Very Simple Breadcrumb Project | 1 Very Simple Breadcrumb | 2024-11-21 | 4.8 Medium |
| The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-2148 | 1 Linkedin Company Updates Project | 1 Linkedin Company Updates | 2024-11-21 | 4.8 Medium |
| The LinkedIn Company Updates WordPress plugin through 1.5.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-2132 | 4 Debian, Dpdk, Fedoraproject and 1 more | 15 Debian Linux, Data Plane Development Kit, Fedora and 12 more | 2024-11-21 | 8.6 High |
| A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK. | ||||
| CVE-2022-2130 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17. | ||||
| CVE-2022-2118 | 1 Tooltulips | 1 404s | 2024-11-21 | 4.8 Medium |
| The 404s WordPress plugin before 3.5.1 does not sanitise and escape its fields, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-2116 | 1 Webacetechs | 1 Contact Form Db - Elementor | 2024-11-21 | 6.1 Medium |
| The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting | ||||
| CVE-2022-2115 | 1 Essentialplugin | 1 Popup Anything | 2024-11-21 | 6.1 Medium |
| The Popup Anything WordPress plugin before 2.1.7 does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-2114 | 1 Supsystic | 1 Data Tables Generator | 2024-11-21 | 4.8 Medium |
| The Data Tables Generator by Supsystic WordPress plugin before 1.10.20 does not sanitise and escape some of its Table settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2113 | 1 Inventree Project | 1 Inventree | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.7.2. | ||||
| CVE-2022-2100 | 1 Wpzinc | 1 Page Generator | 2024-11-21 | 4.8 Medium |
| The Page Generator WordPress plugin before 1.6.5 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-2093 | 1 Ninjateam | 1 Wp Duplicate Page | 2024-11-21 | 4.8 Medium |
| The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | ||||
| CVE-2022-2092 | 1 Wpovernight | 1 Woocommerce Pdf Invoices\& Packing Slips | 2024-11-21 | 6.1 Medium |
| The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks. | ||||
| CVE-2022-2090 | 1 Flycart | 1 Discount Rules For Woocommerce | 2024-11-21 | 6.1 Medium |
| The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting | ||||
| CVE-2022-2089 | 1 Bold-themes | 1 Bold Page Builder | 2024-11-21 | 4.8 Medium |
| The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | ||||
| CVE-2022-2072 | 1 Name Directory Project | 1 Name Directory | 2024-11-21 | 6.1 Medium |
| The Name Directory WordPress plugin before 1.25.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS as well | ||||
| CVE-2022-2066 | 1 Facturascripts | 1 Facturascripts | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.06. | ||||
| CVE-2022-2065 | 1 Facturascripts | 1 Facturascripts | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06. | ||||
| CVE-2022-2060 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0. | ||||
| CVE-2022-2059 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 3.5 Low |
| In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system. | ||||
| CVE-2022-2050 | 1 Maxfoundry | 1 Wp-paginate | 2024-11-21 | 4.8 Medium |
| The WP-Paginate WordPress plugin before 2.1.9 does not escape one of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed | ||||