Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-40487 | 1 Processwire | 1 Processwire | 2022-11-01 | N/A | 6.1 MEDIUM | ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload. |
CVE-2022-3408 | 1 Redlettuce | 1 Wp Word Count | 2022-11-01 | N/A | 4.8 MEDIUM | The WP Word Count WordPress plugin through 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. |
CVE-2022-3441 | 1 Rockcontent | 1 Rock Convert | 2022-11-01 | N/A | 4.8 MEDIUM | The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). |
CVE-2021-36206 | 1 Johnsoncontrols | 1 Cevas | 2022-11-01 | N/A | 6.1 MEDIUM | All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries. |
CVE-2022-2167 | 1 Tagdiv | 1 Newspaper | 2022-11-01 | N/A | 6.1 MEDIUM | The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting. |
CVE-2022-2190 | 1 Enviragallery | 1 Envira Gallery | 2022-11-01 | N/A | 6.1 MEDIUM | The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers. |
CVE-2022-2627 | 1 Tagdiv | 1 Newspaper | 2022-11-01 | N/A | 6.1 MEDIUM | The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting. |
CVE-2022-3096 | 1 Wp Total Hacks Project | 1 Wp Total Hacks | 2022-11-01 | N/A | 5.4 MEDIUM | The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and escaping as well. |
CVE-2022-3237 | 1 Wpexperts | 1 Wp Contact Slider | 2022-11-01 | N/A | 4.8 MEDIUM | The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
CVE-2022-3420 | 1 Official Integration For Billingo Project | 1 Official Integration For Billingo | 2022-11-01 | N/A | 4.8 MEDIUM | The Official Integration for Billingo WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to perform Stored Cross-Site Scripting attacks. |
CVE-2022-3440 | 1 Rockcontent | 1 Rock Convert | 2022-11-01 | N/A | 6.1 MEDIUM | The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape a URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting. |
CVE-2022-43169 | 1 Rukovoditel | 1 Rukovoditel | 2022-11-01 | N/A | 5.4 MEDIUM | A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Group". |
CVE-2022-43170 | 1 Rukovoditel | 1 Rukovoditel | 2022-11-01 | N/A | 5.4 MEDIUM | A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add info block". |
CVE-2022-40739 | 1 Ragic | 1 Ragic | 2022-10-31 | N/A | 5.4 MEDIUM | Ragic report generation page has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript to perform an XSS (Reflected Cross-Site Scripting) attack. |
CVE-2022-39027 | 1 Edetw | 1 U-office Force | 2022-10-31 | N/A | 5.4 MEDIUM | U-Office Force Forum function has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript and perform an XSS (Stored Cross-Site Scripting) attack. |
CVE-2022-39026 | 1 Edetw | 1 U-office Force | 2022-10-31 | N/A | 5.4 MEDIUM | U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform an XSS (Stored Cross-Site Scripting) attack. |
CVE-2022-39025 | 1 Edetw | 1 U-office Force | 2022-10-31 | N/A | 6.1 MEDIUM | U-Office Force PrintMessage function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform an XSS (Reflected Cross-Site Scripting) attack. |
CVE-2022-39024 | 1 Edetw | 1 U-office Force | 2022-10-31 | N/A | 6.1 MEDIUM | U-Office Force Bulletin function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform an XSS (Reflected Cross-Site Scripting) attack. |
CVE-2021-36864 | 1 Expresstech | 1 Quiz And Survey Master | 2022-10-31 | N/A | 5.4 MEDIUM | Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. |
CVE-2022-42054 | 1 Gl-inet | 1 Goodcloud | 2022-10-31 | N/A | 5.4 MEDIUM | Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields. |