Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-6391 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2022-04-11 | 4.3 MEDIUM | 4.3 MEDIUM |
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page. | |||||
CVE-2022-0958 | 1 Mark Posts Project | 1 Mark Posts | 2022-04-11 | 3.5 LOW | 4.8 MEDIUM |
The Mark Posts WordPress plugin before 2.0.1 does not escape new markers, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2022-0901 | 1 Ad Inserter Project | 1 Ad Inserter | 2022-04-11 | 4.3 MEDIUM | 6.1 MEDIUM |
The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters | |||||
CVE-2022-0884 | 1 Cozmoslabs | 1 Profile Builder | 2022-04-11 | 3.5 LOW | 4.8 MEDIUM |
The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
CVE-2022-1167 | 1 Apusthemes | 1 Careerup | 2022-04-11 | 4.3 MEDIUM | 6.1 MEDIUM |
There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in CareerUp Careerup WordPress theme before 2.3.1, via the filter parameters. | |||||
CVE-2022-1168 | 1 Eyecix | 1 Jobsearch Wp Job Board | 2022-04-11 | 4.3 MEDIUM | 6.1 MEDIUM |
There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1. | |||||
CVE-2022-1170 | 1 Nootheme | 1 Jobmonster | 2022-04-11 | 4.3 MEDIUM | 6.1 MEDIUM |
In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is an XSS vulnerability as the input for the search form is provided through unsanitized GET requests. | |||||
CVE-2022-1169 | 1 Eyecix | 1 Careerfy | 2022-04-11 | 4.3 MEDIUM | 6.1 MEDIUM |
There is an XSS vulnerability in Careerfy. | |||||
CVE-2022-0431 | 1 Insights From Google Pagespeed Project | 1 Insights From Google Pagespeed | 2022-04-11 | 4.3 MEDIUM | 6.1 MEDIUM |
The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting | |||||
CVE-2022-1164 | 1 Wztechno | 1 Wyzi | 2022-04-11 | 4.3 MEDIUM | 6.1 MEDIUM |
The Wyzi Theme was affected by reflected XSS vulnerabilities in the business search feature | |||||
CVE-2021-25113 | 1 Dropdown Menu Widget Project | 1 Dropdown Menu Widget | 2022-04-11 | 3.5 LOW | 5.4 MEDIUM |
The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues | |||||
CVE-2021-25048 | 1 King-theme | 1 Kingcomposer | 2022-04-11 | 3.5 LOW | 5.4 MEDIUM |
The KingComposer WordPress plugin through 2.9.6 does not have authorisation, CSRF and sanitisation/escaping when creating a profile, allowing any authenticated user to create arbitrary ones, with Cross-Site Scripting payloads in them | |||||
CVE-2021-36851 | 1 Web-settler | 1 Testimonial Slider | 2022-04-11 | 3.5 LOW | 5.4 MEDIUM |
Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg_color, mpsp_posts_description_color, mpsp_slide_nav_button_color. | |||||
CVE-2021-33616 | 1 Rsa | 1 Archer | 2022-04-11 | 3.5 LOW | 5.4 MEDIUM |
RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS. | |||||
CVE-2022-0864 | 1 Updraftplus | 1 Updraftplus | 2022-04-11 | 4.3 MEDIUM | 6.1 MEDIUM |
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. | |||||
CVE-2022-1190 | 1 Gitlab | 1 Gitlab | 2022-04-11 | 3.5 LOW | 5.4 MEDIUM |
Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc. | |||||
CVE-2022-28379 | 1 Nginxproxymanager | 1 Nginx Proxy Manager | 2022-04-11 | 3.5 LOW | 4.8 MEDIUM |
jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion. | |||||
CVE-2022-28378 | 1 Craftcms | 1 Craft Cms | 2022-04-11 | 4.3 MEDIUM | 6.1 MEDIUM |
Craft CMS before 3.7.29 allows XSS. | |||||
CVE-2021-23287 | 1 Eaton | 1 Intelligent Power Manager | 2022-04-08 | 3.5 LOW | 5.4 MEDIUM |
The vulnerability exists due to insufficient validation of input of certain resources within the IPM software. This issue affects: Intelligent Power Manager (IPM 1) versions prior to 1.70. | |||||
CVE-2021-23288 | 1 Eaton | 1 Intelligent Power Protector | 2022-04-08 | 2.3 LOW | 4.8 MEDIUM |
The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69. |