Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37731 | 1 Ftcms | 1 Ftcms | 2022-09-13 | N/A | 6.1 MEDIUM |
| ftcms 2.1 poster.PHP has a XSS vulnerability. The attacker inserts malicious JavaScript code into the web page, causing the user / administrator to trigger malicious code when accessing. | |||||
| CVE-2022-2517 | 1 Fastlinemedia | 1 Beaver Builder | 2022-09-13 | N/A | 5.4 MEDIUM |
| The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Caption - On Hover' value associated with images in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2022-2516 | 1 Visualcomposer | 1 Visual Composer Website Builder | 2022-09-13 | N/A | 5.4 MEDIUM |
| The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post/page 'Title' value in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2020-10463 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | |||||
| CVE-2020-10464 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | |||||
| CVE-2020-10462 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | |||||
| CVE-2020-10469 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | |||||
| CVE-2020-10465 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | |||||
| CVE-2020-10468 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | |||||
| CVE-2020-10470 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | |||||
| CVE-2020-10467 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | |||||
| CVE-2020-10466 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | |||||
| CVE-2020-10474 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | |||||
| CVE-2020-10472 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | |||||
| CVE-2020-10473 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | |||||
| CVE-2020-10475 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | |||||
| CVE-2020-10477 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | |||||
| CVE-2020-10476 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | |||||
| CVE-2022-36080 | 1 Wikmd Project | 1 Wikmd | 2022-09-12 | N/A | 6.1 MEDIUM |
| Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, an attacker could capture user's session cookies or execute malicious Javascript when a victim edits a markdown file. Version 1.7.1 fixes this issue. | |||||
| CVE-2022-2935 | 1 Oxilab | 1 Image Hover Effects Ultimate | 2022-09-12 | N/A | 5.4 MEDIUM |
| The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Media Image URL value that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users. | |||||