Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-28364 | 1 Reprisesoftware | 1 Reprise License Manager | 2022-04-15 | 3.5 LOW | 5.4 MEDIUM | Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/rlmswitchr_process file parameter via GET. Authentication is required.
CVE-2022-0892 | 1 Atlasgondal | 1 Export All Urls | 2022-04-15 | 4.3 MEDIUM | 6.1 MEDIUM | The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
CVE-2022-0728 | 1 Pootlepress | 1 Easy Smooth Scroll Links | 2022-04-15 | 3.5 LOW | 4.8 MEDIUM | The Easy Smooth Scroll Links WordPress plugin before 2.23.1 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-0471 | 1 Realfavicongenerator | 1 Favicon By Realfavicongenerator | 2022-04-15 | 4.3 MEDIUM | 6.1 MEDIUM | The Favicon by RealFaviconGenerator WordPress plugin before 1.3.23 does not properly sanitise and escape the json_result_url parameter before outputting it back in the Favicon admin dashboard, leading to a Reflected Cross-Site Scripting issue.
CVE-2022-0531 | 1 Wpvivid | 1 Migration, Backup, Staging | 2022-04-15 | 4.3 MEDIUM | 6.1 MEDIUM | The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the sub_page parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting.
CVE-2022-0447 | 1 Pickplugins | 1 Post Grid | 2022-04-15 | 3.5 LOW | 6.4 MEDIUM | The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the post_types parameter before outputting it back in the response of the post_grid_update_taxonomies_terms_by_posttypes AJAX action, available to any authenticated user, leading to a Reflected Cross-Site Scripting.
CVE-2022-0314 | 1 Presscustomizr | 1 Nimble Page Builder | 2022-04-15 | 4.3 MEDIUM | 6.1 MEDIUM | The Nimble Page Builder WordPress plugin before 3.2.2 does not sanitise and escape the preview-level-guid parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
CVE-2022-28363 | 1 Reprisesoftware | 1 Reprise License Manager | 2022-04-15 | 4.3 MEDIUM | 6.1 MEDIUM | Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process username parameter via GET. No authentication is required.
CVE-2022-0271 | 1 Thimpress | 1 Learnpress | 2022-04-15 | 4.3 MEDIUM | 6.1 MEDIUM | The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting.
CVE-2021-25090 | 1 Wpsofts | 1 Portfolio Gallery, Product Catalog - Grid Kit Portfolio | 2022-04-15 | 3.5 LOW | 5.4 MEDIUM | The Portfolio Gallery, Product Catalog WordPress plugin before 2.1.0 does not have authorisation and CSRF checks in various functions related to AJAX actions, allowing any authenticated user, such as a subscriber, to call them. Due to the lack of sanitisation and escaping, it could also allow attackers to perform Cross-Site Scripting attacks on pages where a Portfolio is embedded.
CVE-2021-24987 | 1 Heateor | 1 Super Socializer | 2022-04-15 | 4.3 MEDIUM | 6.1 MEDIUM | The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue.
CVE-2021-24986 | 1 Pickplugins | 1 Post Grid | 2022-04-15 | 4.3 MEDIUM | 6.1 MEDIUM | The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Grid with a search form.
CVE-2022-1288 | 1 School Club Application System Project | 1 School Club Application System | 2022-04-15 | 4.3 MEDIUM | 6.1 MEDIUM | A vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the input %22%3E%3Cimg%20src=x%20onerror=alert(1)%3E leads to a reflected cross site scripting. The attack may be initiated remotely and does not require any form of authentication. The exploit has been disclosed to the public and may be used.
CVE-2022-22571 | 1 Ivanti | 1 Incapptic Connect | 2022-04-15 | 3.5 LOW | 4.8 MEDIUM | An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic Connect; this affects all current versions.
CVE-2022-27125 | 1 Zbzcms | 1 Zbzcms | 2022-04-15 | 4.3 MEDIUM | 6.1 MEDIUM | zbzcms v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the neirong parameter at /php/ajax.php.
CVE-2021-39068 | 1 Ibm | 1 Curam Social Program Management | 2022-04-14 | 3.5 LOW | 5.4 MEDIUM | IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215306.
CVE-2021-36846 | 1 Premio | 1 Chaty | 2022-04-14 | 3.5 LOW | 4.8 MEDIUM | Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty (WordPress plugin) <= 2.8.3.
CVE-2022-27156 | 1 Thedaylightstudio | 1 Fuel Cms | 2022-04-14 | 3.5 LOW | 5.4 MEDIUM | Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection.
CVE-2022-27111 | 1 Jflyfox | 1 Jfinal Cms | 2022-04-14 | 3.5 LOW | 5.4 MEDIUM | Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it.
CVE-2022-0969 | 1 Vertistudio | 1 Image Optimization & Lazy Load By Optimole | 2022-04-14 | 3.5 LOW | 4.8 MEDIUM | The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.