Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37338 | 1 Blossomthemes | 1 Blossom Recipe Maker | 2022-09-26 | N/A | 5.4 MEDIUM |
| Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Blossom Recipe Maker plugin <= 1.0.7 at WordPress. | |||||
| CVE-2022-37330 | 1 Webhelpagency | 1 Wha Crossword | 2022-09-26 | N/A | 5.4 MEDIUM |
| Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WHA Crossword plugin <= 1.1.10 at WordPress. | |||||
| CVE-2022-36417 | 1 3d Tag Cloud Project | 1 3d Tag Cloud | 2022-09-26 | N/A | 6.1 MEDIUM |
| Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in 3D Tag Cloud plugin <= 3.8 at WordPress. | |||||
| CVE-2022-40215 | 1 Tabs Project | 1 Tabs | 2022-09-26 | N/A | 5.4 MEDIUM |
| Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in Tabs plugin <= 3.7.1 at WordPress. | |||||
| CVE-2022-40088 | 1 Simple College Website Project | 1 Simple College Website | 2022-09-26 | N/A | 6.1 MEDIUM |
| Simple College Website v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /college_website/index.php?page=. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter. | |||||
| CVE-2022-28980 | 1 Liferay | 2 Dxp, Liferay Portal | 2022-09-26 | N/A | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix. | |||||
| CVE-2022-23458 | 1 Nhn | 1 Toast Ui Grid | 2022-09-23 | N/A | 6.1 MEDIUM |
| Toast UI Grid is a component to display and edit data. Versions prior to 4.21.3 are vulnerable to cross-site scripting attacks when pasting specially crafted content into editable cells. This issue was fixed in version 4.21.3. There are no known workarounds. | |||||
| CVE-2022-36791 | 1 Awesome | 1 Torro Forms | 2022-09-23 | N/A | 5.4 MEDIUM |
| Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Awesome UG Torro Forms plugin <= 1.0.16 at WordPress. | |||||
| CVE-2022-40195 | 1 Loqate | 1 Loqate | 2022-09-23 | N/A | 4.8 MEDIUM |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PCA Predict plugin <= 1.0.3 at WordPress. | |||||
| CVE-2022-40193 | 1 Brinidesigner | 1 Awesome Filterable Portfolio | 2022-09-23 | N/A | 6.1 MEDIUM |
| Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress. | |||||
| CVE-2022-37328 | 1 Themesawesome | 1 Timeline Awesome | 2022-09-23 | N/A | 5.4 MEDIUM |
| Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in Themes Awesome History Timeline plugin <= 1.0.5 at WordPress. | |||||
| CVE-2022-3144 | 1 Wordfence | 1 Wordfence Security | 2022-09-23 | N/A | 4.8 MEDIUM |
| The Wordfence Security – Firewall & Malware Scan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 7.6.0 via a setting on the options page due to insufficient escaping on the stored value. This makes it possible for authenticated users, with administrative privileges, to inject malicious web scripts into the setting that executes whenever a user accesses a page displaying the affected setting on sites running a vulnerable version. | |||||
| CVE-2022-38703 | 1 Maxfoundry | 1 Maxbuttons | 2022-09-23 | N/A | 4.8 MEDIUM |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Foundry Button Plugin MaxButtons plugin <= 9.2 at WordPress | |||||
| CVE-2022-25854 | 1 Tagify Project | 1 Tagify | 2022-09-23 | 3.5 LOW | 5.4 MEDIUM |
| This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload. | |||||
| CVE-2022-40213 | 1 Gsplugins | 1 Gs Testimonial Slider | 2022-09-23 | N/A | 5.4 MEDIUM |
| Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in GS Testimonial Slider plugin <= 1.9.6 at WordPress. | |||||
| CVE-2022-28978 | 1 Liferay | 2 Dxp, Liferay Portal | 2022-09-23 | N/A | 5.4 MEDIUM |
| Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the a user's name. | |||||
| CVE-2022-28979 | 1 Liferay | 2 Dxp, Liferay Portal | 2022-09-23 | N/A | 6.1 MEDIUM |
| Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Parameter Name text field. | |||||
| CVE-2022-36383 | 1 Webhelpagency | 1 Wha Wordsearch | 2022-09-23 | N/A | 5.4 MEDIUM |
| Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA Word Search Puzzles game plugin <= 2.0.1 at WordPress. | |||||
| CVE-2022-36365 | 1 Webhelpagency | 1 Wha Crossword | 2022-09-23 | N/A | 5.4 MEDIUM |
| Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA Crossword plugin <= 1.1.10 at WordPress. | |||||
| CVE-2021-28114 | 1 Froala | 1 Froala Editor | 2022-09-23 | 3.5 LOW | 5.4 MEDIUM |
| Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing. | |||||