Export limit exceeded: 342372 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44806 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0189 | 1 Wprssaggregator | 1 Wp Rss Aggregator | 2024-11-21 | 6.1 Medium |
| The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-0186 | 1 Machothemes | 1 Image Photo Gallery Final Tiles Grid | 2024-11-21 | 5.4 Medium |
| The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 does not sanitise and escape the Description field when editing a gallery, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks against other users having access to the gallery dashboard | ||||
| CVE-2022-0182 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | 5.4 Medium |
| Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to inject an arbitrary script via an website that uses Quiz And Survey Master. | ||||
| CVE-2022-0181 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | 6.1 Medium |
| Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to inject an arbitrary script via unspecified vectors. | ||||
| CVE-2022-0167 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.1 Low |
| An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making it possible to be retrieved under certain conditions. | ||||
| CVE-2022-0161 | 1 Ari-soft | 1 Ari Fancy Lightbox | 2024-11-21 | 6.1 Medium |
| The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-0159 | 1 Orchardcore | 1 Orchardcore | 2024-11-21 | 5.4 Medium |
| orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2022-0157 | 2 Fedoraproject, Phoronix-media | 2 Fedora, Phoronix Test Suite | 2024-11-21 | 5.4 Medium |
| phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2022-0150 | 1 Wp Accessibility Helper Project | 1 Wp Accessibility Helper | 2024-11-21 | 6.1 Medium |
| The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue | ||||
| CVE-2022-0149 | 1 Visser | 1 Store Exporter For Woocommerce | 2024-11-21 | 6.1 Medium |
| The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin page. | ||||
| CVE-2022-0148 | 1 Premio | 1 Mystickyelements | 2024-11-21 | 5.4 Medium |
| The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin before 2.0.4 was vulnerable to reflected XSS on the my-sticky-elements-leads admin page. | ||||
| CVE-2022-0147 | 1 Cookieinformation | 1 Wp-gdpr-compliance | 2024-11-21 | 6.1 Medium |
| The Cookie Information | Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross-Site Scripting issue | ||||
| CVE-2022-0145 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1. | ||||
| CVE-2022-0131 | 1 Jmty | 1 Jimoty | 2024-11-21 | 3.3 Low |
| Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app. | ||||
| CVE-2022-0087 | 1 Keystonejs | 1 Keystone | 2024-11-21 | 6.1 Medium |
| keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2022-0020 | 1 Paloaltonetworks | 1 Cortex Xsoar | 2024-11-21 | 6.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: All builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888. | ||||
| CVE-2021-4431 | 1 Msyk | 1 Fmdataapi | 2024-11-21 | 3.5 Low |
| A vulnerability classified as problematic has been found in msyk FMDataAPI up to 22. Affected is an unknown function of the file FMDataAPI_Sample.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 23 is able to address this issue. The patch is identified as 3bd1709a8f7b1720529bf5dfc9855ad609f436cf. It is recommended to upgrade the affected component. VDB-244494 is the identifier assigned to this vulnerability. | ||||
| CVE-2021-4312 | 1 Rapidleech | 1 Rapidleech | 2024-11-21 | 3.5 Low |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in Th3-822 Rapidleech. This affects the function zip_go of the file classes/options/zip.php. The manipulation of the argument archive leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named 885a87ea4ee5e14fa95801eca255604fb2e138c6. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218295. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2021-4310 | 1 01-scripts | 1 01-artikelsystem | 2024-11-21 | 3.5 Low |
| A vulnerability was found in 01-Scripts 01-Artikelsystem. It has been classified as problematic. Affected is an unknown function of the file 01article.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. It is possible to launch the attack remotely. The patch is identified as ae849b347a58c2cb1be38d04bbe56fc883d5d84a. It is recommended to apply a patch to fix this issue. VDB-217662 is the identifier assigned to this vulnerability. | ||||
| CVE-2021-4303 | 1 Xataface Project | 1 Xataface | 2024-11-21 | 2 Low |
| A vulnerability, which was classified as problematic, has been found in shannah Xataface up to 2.x. Affected by this issue is the function testftp of the file install/install_form.js.php of the component Installer. The manipulation leads to cross site scripting. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 3.0.0 is able to address this issue. The patch is identified as 94143a4299e386f33bf582139cd4702571d93bde. It is recommended to upgrade the affected component. VDB-217442 is the identifier assigned to this vulnerability. NOTE: Installer is disabled by default. | ||||