Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-2532 | 1 Slickremix | 1 Feed Them Social | 2022-08-24 | N/A | 6.1 MEDIUM | The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
CVE-2022-2407 | 1 Puvox | 1 Wp Phpmyadmin | 2022-08-24 | N/A | 4.8 MEDIUM | The WP phpMyAdmin WordPress plugin before 5.2.0.4 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in a multisite setup).
CVE-2022-2383 | 1 Slickremix | 1 Feed Them Social | 2022-08-24 | N/A | 6.1 MEDIUM | The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
CVE-2022-2375 | 1 Okapitech | 1 Wp Sticky Button | 2022-08-24 | N/A | 5.4 MEDIUM | The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross-Site Scripting issues.
CVE-2022-2361 | 1 Quadlayers | 1 Wp Social Chat | 2022-08-24 | N/A | 4.8 MEDIUM | The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks.
CVE-2022-1932 | 1 Rezgo | 1 Rezgo Online Booking | 2022-08-24 | N/A | 6.1 MEDIUM | The Rezgo Online Booking WordPress plugin before 4.1.8 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting, which can be exploited either via an LFI in an AJAX action or a direct call to the affected file.
CVE-2022-30690 | 1 Wwbn | 1 Avideo | 2022-08-24 | N/A | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.
CVE-2021-24912 | 1 Transposh | 1 Transposh Wordpress Translation | 2022-08-24 | N/A | 5.4 MEDIUM | The Transposh WordPress Translation WordPress plugin before 1.0.8 does not have a CSRF check in its tp_translation AJAX action, which could allow attackers to make authorised users add a translation. Given the lack of sanitisation in the tk0 parameter, this could lead to a Stored Cross-Site Scripting issue which will be executed in the context of a logged in admin.
CVE-2021-24911 | 1 Transposh | 1 Transposh Wordpress Translation | 2022-08-24 | N/A | 5.4 MEDIUM | The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tp_translation AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin. The minimum role needed to perform such an attack depends on the plugin's "Who can translate ?" setting.
CVE-2022-36350 | 1 Pukiwiki | 1 Pukiwiki | 2022-08-24 | N/A | 5.4 MEDIUM | Stored cross-site scripting vulnerability in PukiWiki versions 1.3.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVE-2022-2796 | 1 Pimcore | 1 Pimcore | 2022-08-24 | N/A | 4.8 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.4.
CVE-2022-27637 | 1 Pukiwiki | 1 Pukiwiki | 2022-08-24 | N/A | 6.1 MEDIUM | Reflected cross-site scripting vulnerability in PukiWiki versions 1.5.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVE-2021-24910 | 1 Transposh | 1 Transposh Wordpress Translation | 2022-08-24 | N/A | 6.1 MEDIUM | The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue.
CVE-2022-28598 | 1 Frappe | 1 Erpnext | 2022-08-24 | N/A | 6.1 MEDIUM | Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2022-32771 | 1 Wwbn | 1 Avideo | 2022-08-24 | N/A | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. This vulnerability arises from the "success" parameter, which is inserted into the document with insufficient sanitization.
CVE-2022-32772 | 1 Wwbn | 1 Avideo | 2022-08-24 | N/A | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. This vulnerability arises from the "msg" parameter, which is inserted into the document with insufficient sanitization.
CVE-2022-32770 | 1 Wwbn | 1 Avideo | 2022-08-24 | N/A | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. This vulnerability arises from the "toast" parameter, which is inserted into the document with insufficient sanitization.
CVE-2022-2829 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2022-08-24 | N/A | 5.4 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-26842 | 1 Wwbn | 1 Avideo | 2022-08-23 | N/A | 9.6 CRITICAL | A reflected cross-site scripting (XSS) vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.
CVE-2022-1322 | 1 Rich-web | 1 Coming Soon | 2022-08-23 | N/A | 4.8 MEDIUM | The Coming Soon - Under Construction WordPress plugin through 1.1.9 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.