Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0147 | 1 Cookieinformation | 1 Wp-gdpr-compliance | 2022-03-20 | 4.3 MEDIUM | 6.1 MEDIUM |
The Cookie Information \| Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross-Site Scripting issue | |||||
CVE-2021-41952 | 1 Tribalsystems | 1 Zenario | 2022-03-20 | 3.5 LOW | 4.8 MEDIUM |
Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload of *.SVG files. An attacker can send malicious files to victims and steal the victim's cookie, leading to account takeover. A person viewing the image of a contact can be a victim of XSS. | |||||
CVE-2021-25026 | 1 Patreon | 1 Patreon Wordpress | 2022-03-19 | 3.5 LOW | 5.5 MEDIUM |
The Patreon WordPress plugin before 1.8.2 does not sanitise and escape the field "Custom Patreon Page name", which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2021-25006 | 1 Molie Instructure Canvas Linking Tool Project | 1 Molie Instructure Canvas Linking Tool | 2022-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
The MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue | |||||
CVE-2021-24996 | 1 Wki | 1 Idpay For Contact Form 7 | 2022-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
The IDPay for Contact Form 7 WordPress plugin through 2.1.2 does not sanitise and escape the idpay_error parameter before outputting it back in the page leading to a Reflected Cross-Site Scripting | |||||
CVE-2021-24995 | 1 Html5 Responsive Faq Project | 1 Html5 Responsive Faq | 2022-03-19 | 3.5 LOW | 4.8 MEDIUM |
The HTML5 Responsive FAQ WordPress plugin through 2.8.5 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2021-24982 | 1 Childtheme-generator | 1 Child Theme Generator | 2022-03-19 | 3.5 LOW | 6.4 MEDIUM |
The Child Theme Generator WordPress plugin through 2.2.7 does not sanitise and escape the parade parameter before outputting it back, leading to a Reflected Cross-Site Scripting issue in the admin dashboard | |||||
CVE-2021-24897 | 1 Viitorcloud | 1 Add Subtitle | 2022-03-19 | 3.5 LOW | 5.4 MEDIUM |
The Add Subtitle WordPress plugin through 1.1.0 does not sanitise or escape the sub-title field (available only with classic editor) when output in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks | |||||
CVE-2021-24940 | 1 Woocommerce | 1 Persian-woocommerce | 2022-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
The Persian Woocommerce WordPress plugin through 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue | |||||
CVE-2021-24895 | 1 Webbigt | 1 Cybersoldier | 2022-03-19 | 3.5 LOW | 4.8 MEDIUM |
The Cybersoldier WordPress plugin before 1.7.0 does not sanitise and escape the URL settings before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2021-45889 | 1 Ponton | 1 X/p Messenger | 2022-03-19 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in PONTON X/P Messenger before 3.11.2. Several functions are vulnerable to reflected XSS, as demonstrated by private/index.jsp?partners/ShowNonLocalPartners.do?localID= or private/index.jsp or private/index.jsp?database/databaseTab.jsp or private/index.jsp?activation/activationMainTab.jsp or private/index.jsp?communication/serverTab.jsp or private/index.jsp?emailNotification/notificationTab.jsp. | |||||
CVE-2021-45888 | 1 Ponton | 1 X/p Messenger | 2022-03-19 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role Configuration Administrator or Administrator. | |||||
CVE-2021-46709 | 1 Phpliteadmin | 1 Phpliteadmin | 2022-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows parameter (aka num or number). | |||||
CVE-2022-24384 | 1 Smartertools | 1 Smartertrack | 2022-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | |||||
CVE-2022-24386 | 1 Smartertools | 1 Smartertrack | 2022-03-18 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS in SmarterTools SmarterTrack. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | |||||
CVE-2021-32475 | 1 Moodle | 1 Moodle | 2022-03-18 | 3.5 LOW | 5.4 MEDIUM |
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. | |||||
CVE-2021-44667 | 1 Alibaba | 1 Nacos | 2022-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters. | |||||
CVE-2022-26533 | 1 Alist Project | 1 Alist | 2022-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist. | |||||
CVE-2022-0880 | 1 Showdoc | 1 Showdoc | 2022-03-18 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2. | |||||
CVE-2022-0926 | 1 Microweber | 1 Microweber | 2022-03-18 | 3.5 LOW | 4.8 MEDIUM |
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. |