Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0620 | 1 Deleteoldorders Project | 1 Delete Old Orders | 2022-03-31 | 4.3 MEDIUM | 6.1 MEDIUM |
The Delete Old Orders WordPress plugin through 0.2 does not sanitize and escape the date parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-0600 | 1 Myceliumdesign | 1 Conference Scheduler | 2022-03-31 | 4.3 MEDIUM | 6.1 MEDIUM |
The Conference Scheduler WordPress plugin before 2.4.3 does not sanitize and escape the tab parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-0599 | 1 Mapping Multiple Urls Redirect Same Page Project | 1 Mapping Multiple Urls Redirect Same Page | 2022-03-31 | 4.3 MEDIUM | 6.1 MEDIUM |
The Mapping Multiple URLs Redirect Same Page WordPress plugin through 5.8 does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-0595 | 1 Codedropz | 1 Drag And Drop Multiple File Upload - Contact Form 7 | 2022-03-31 | 3.5 LOW | 5.4 MEDIUM |
The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to a Stored Cross-Site Scripting issue. | |||||
CVE-2021-43721 | 1 Leanote | 1 Leanote | 2022-03-31 | 4.3 MEDIUM | 6.1 MEDIUM |
Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload : <video src=x onerror=(function(){require('child_process').exec('calc');})();> | |||||
CVE-2021-43725 | 1 Spotweb Project | 1 Spotweb | 2022-03-31 | 4.3 MEDIUM | 6.1 MEDIUM |
There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter. | |||||
CVE-2021-44213 | 1 Open-xchange | 1 Ox App Suite | 2022-03-31 | 4.3 MEDIUM | 6.1 MEDIUM |
OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message. | |||||
CVE-2021-44212 | 1 Open-xchange | 1 Ox App Suite | 2022-03-31 | 4.3 MEDIUM | 6.1 MEDIUM |
OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring. | |||||
CVE-2022-27884 | 1 Maccms | 1 Maccms | 2022-03-30 | 4.3 MEDIUM | 6.1 MEDIUM |
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter. | |||||
CVE-2022-27885 | 1 Maccms | 1 Maccms | 2022-03-30 | 4.3 MEDIUM | 6.1 MEDIUM |
Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters. | |||||
CVE-2022-27886 | 1 Maccms | 1 Maccms | 2022-03-30 | 4.3 MEDIUM | 6.1 MEDIUM |
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter. | |||||
CVE-2022-25606 | 1 Wp-downloadmanager Project | 1 Wp-downloadmanager | 2022-03-30 | 3.5 LOW | 5.4 MEDIUM |
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url, &download_categories. | |||||
CVE-2022-27887 | 1 Maccms | 1 Maccms | 2022-03-30 | 4.3 MEDIUM | 6.1 MEDIUM |
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter. | |||||
CVE-2021-24958 | 1 Mekshq | 1 Meks Easy Photo Feed Widget | 2022-03-30 | 3.5 LOW | 5.4 MEDIUM |
The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF checks in the meks_save_business_selected_account AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as a subscriber, could update the plugin's settings and put Cross-Site Scripting payloads in them. | |||||
CVE-2021-24900 | 1 Wpmanageninja | 1 Ninja Tables | 2022-03-30 | 3.5 LOW | 4.8 MEDIUM |
The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2021-44209 | 1 Open-xchange | 1 Ox App Suite | 2022-03-30 | 4.3 MEDIUM | 6.1 MEDIUM |
OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO. | |||||
CVE-2021-44208 | 1 Open-xchange | 1 Ox App Suite | 2022-03-30 | 4.3 MEDIUM | 6.1 MEDIUM |
OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat. | |||||
CVE-2021-44211 | 1 Open-xchange | 1 Ox App Suite | 2022-03-30 | 3.5 LOW | 5.4 MEDIUM |
OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature. | |||||
CVE-2021-44210 | 1 Open-xchange | 1 Ox App Suite | 2022-03-30 | 4.3 MEDIUM | 6.1 MEDIUM |
OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data. | |||||
CVE-2021-29107 | 1 Esri | 1 Arcgis Server | 2022-03-30 | 4.3 MEDIUM | 6.1 MEDIUM |
A stored Cross Site Scripting (XSS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application. |