Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45214 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-11-29 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at /php-sms/classes/Login.php. | |||||
| CVE-2022-42099 | 1 Klik Project | 1 Klik | 2022-11-29 | N/A | 5.4 MEDIUM |
| KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input. | |||||
| CVE-2022-42100 | 1 Klik Project | 1 Klik | 2022-11-29 | N/A | 5.4 MEDIUM |
| KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form. | |||||
| CVE-2022-36137 | 1 Churchcrm | 1 Churchcrm | 2022-11-29 | N/A | 4.8 MEDIUM |
| ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader. | |||||
| CVE-2022-45224 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2022-11-29 | N/A | 4.8 MEDIUM |
| Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in Admin/add-admin.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter. | |||||
| CVE-2022-45223 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2022-11-29 | N/A | 4.8 MEDIUM |
| Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /Admin/add-student.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter. | |||||
| CVE-2022-36136 | 1 Churchcrm | 1 Churchcrm | 2022-11-29 | N/A | 4.8 MEDIUM |
| ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment. | |||||
| CVE-2022-3834 | 1 Google Forms Project | 1 Google Forms | 2022-11-29 | N/A | 4.8 MEDIUM |
| The Google Forms WordPress plugin through 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2022-3839 | 1 Analytics For Wp Project | 1 Analytics For Wp | 2022-11-29 | N/A | 4.8 MEDIUM |
| The Analytics for WP WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2022-3833 | 1 Thematosoup | 1 Fancier Author Box | 2022-11-29 | N/A | 4.8 MEDIUM |
| The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2022-3831 | 1 Recaptcha Project | 1 Recaptcha | 2022-11-29 | N/A | 4.8 MEDIUM |
| The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2022-3828 | 1 Video Thumbnails Project | 1 Video Thumbnails | 2022-11-29 | N/A | 4.8 MEDIUM |
| The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2022-3824 | 1 Wp Admin Ui Customize Project | 1 Wp Admin Ui Customize | 2022-11-29 | N/A | 4.8 MEDIUM |
| The WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2022-3823 | 1 Beautiful-cookie-banner | 1 Beautiful Cookie Consent Banner | 2022-11-29 | N/A | 4.8 MEDIUM |
| The Beautiful Cookie Consent Banner WordPress plugin before 2.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2022-3822 | 1 Tipsandtricks-hq | 1 Donations Via Paypal | 2022-11-29 | N/A | 4.8 MEDIUM |
| The Donations via PayPal WordPress plugin before 1.9.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2022-3610 | 1 Jeeng Push Notifications Project | 1 Jeeng Push Notifications | 2022-11-29 | N/A | 4.8 MEDIUM |
| The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2022-3601 | 1 Image Hover Effects Css3 Project | 1 Image Hover Effects Css3 | 2022-11-29 | N/A | 4.8 MEDIUM |
| The Image Hover Effects Css3 WordPress plugin through 4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2022-2983 | 1 Salat Times Project | 1 Salat Times | 2022-11-29 | N/A | 4.8 MEDIUM |
| The Salat Times WordPress plugin before 3.2.2 does not sanitize and escapes its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2022-2311 | 1 Find And Replace All Project | 1 Find And Replace All | 2022-11-29 | N/A | 6.1 MEDIUM |
| The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue. | |||||
| CVE-2022-37720 | 1 Orchardcore | 1 Orchard Cms | 2022-11-29 | N/A | 9.0 CRITICAL |
| Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user such as an author or publisher, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is loaded in the victim's browser. | |||||