Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3036 | 1 Gettext Override Translations Project | 1 Gettext Override Translations | 2022-09-21 | N/A | 4.8 MEDIUM |
The Gettext override translations WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2022-3021 | 1 Diywebmastery | 1 Slickr Flickr | 2022-09-21 | N/A | 4.8 MEDIUM |
The Slickr Flickr WordPress plugin through 2.8.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
CVE-2022-40778 | 1 Opswat | 1 Metadefender | 2022-09-21 | N/A | 5.4 MEDIUM |
A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response. | |||||
CVE-2022-25873 | 1 Vuetifyjs | 1 Vuetify | 2022-09-21 | N/A | 5.4 MEDIUM |
The package vuetify from 2.0.0-beta.4 and before 2.6.10 is vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the 'eventName' function within the VCalendar component. | |||||
CVE-2022-2710 | 1 Scroll To Top Project | 1 Scroll To Top | 2022-09-20 | N/A | 4.8 MEDIUM |
The Scroll To Top WordPress plugin before 1.4.1 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2022-2753 | 1 Ketchup Restaurant Reservations Project | 1 Ketchup Restaurant Reservations | 2022-09-20 | N/A | 6.1 MEDIUM |
The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not sanitise and escape some of the reservation user inputs, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against a logged in admin viewing the malicious reservation made. | |||||
CVE-2022-2567 | 1 Codepeople | 1 Form Builder Cp | 2022-09-20 | N/A | 4.8 MEDIUM |
The Form Builder CP WordPress plugin before 1.2.32 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2022-2709 | 1 Cagewebdesign | 1 Float To Top Button | 2022-09-20 | N/A | 4.8 MEDIUM |
The Float to Top Button WordPress plugin through 2.3.6 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2022-3231 | 1 Librenms | 1 Librenms | 2022-09-20 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0. | |||||
CVE-2022-34218 | 1 Adobe | 1 Experience Manager | 2022-09-20 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | |||||
CVE-2022-35664 | 1 Adobe | 1 Experience Manager | 2022-09-20 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | |||||
CVE-2022-30685 | 1 Adobe | 1 Experience Manager | 2022-09-20 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | |||||
CVE-2022-30686 | 1 Adobe | 1 Experience Manager | 2022-09-20 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | |||||
CVE-2022-30684 | 1 Adobe | 1 Experience Manager | 2022-09-20 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | |||||
CVE-2022-30682 | 1 Adobe | 1 Experience Manager | 2022-09-20 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | |||||
CVE-2022-30680 | 1 Adobe | 1 Experience Manager | 2022-09-20 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | |||||
CVE-2022-30681 | 1 Adobe | 1 Experience Manager | 2022-09-20 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | |||||
CVE-2022-30678 | 1 Adobe | 1 Experience Manager | 2022-09-20 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | |||||
CVE-2022-30677 | 1 Adobe | 1 Experience Manager | 2022-09-20 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | |||||
CVE-2022-37775 | 1 Genesys | 1 Pureconnect | 2022-09-20 | N/A | 6.1 MEDIUM |
Genesys PureConnect Interaction Web Tools Chat Service (up to at least 26-September-2019) allows XSS within the Printable Chat History via the participant -> name JSON POST parameter. |