Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-23987 | 1 Westguardsolutions | 1 Ws Form | 2022-03-08 | 3.5 LOW | 4.8 MEDIUM | The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
CVE-2021-43945 | 1 Atlassian | 2 Data Center, Jira | 2022-03-08 | 3.5 LOW | 4.8 MEDIUM | Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3. |
CVE-2021-24971 | 1 Magnigenie | 1 Wp Responsive Menu | 2022-03-08 | 3.5 LOW | 5.4 MEDIUM | The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have capability and CSRF checks in the wpr_live_update AJAX action, and does not sanitise and escape some of the data submitted. As a result, any authenticated user, such as a subscriber, could update the plugin's settings and perform Cross-Site Scripting attacks against all visitors and users on the frontend. |
CVE-2021-24933 | 1 Bootstrapped | 1 Dynamic Widgets | 2022-03-08 | 3.5 LOW | 5.4 MEDIUM | The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the term_tree AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting issue. |
CVE-2022-23912 | 1 Accesspressthemes | 1 Ap Custom Testimonial | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM | The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue. |
CVE-2021-24994 | 1 Wpvivid | 1 Migration, Backup, Staging | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM | The Migration, Backup, Staging WordPress plugin before 0.9.69 does not have authorisation when adding remote storages, and does not sanitise or escape a parameter from such unauthenticated requests before outputting it in an admin page, leading to a Stored Cross-Site Scripting issue. |
CVE-2022-0385 | 1 Crazy Bone Project | 1 Crazy Bone | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM | The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and escape the username submitted via the login form when displaying it back in the log dashboard, leading to an unauthenticated Stored Cross-Site Scripting issue. |
CVE-2021-25034 | 1 Wp User Project | 1 Wp User | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM | The WP User WordPress plugin before 7.0 does not sanitise and escape some parameters in pages where the [wp_user] shortcode is used, leading to Reflected Cross-Site Scripting issues. |
CVE-2022-0360 | 1 Smackcoders | 1 Easy Drag And Drop All Import | 2022-03-08 | 3.5 LOW | 4.8 MEDIUM | The Easy Drag And Drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escape imported comments, which could allow high privilege users to import malicious ones (either intentionally or not) and lead to Stored Cross-Site Scripting issues. |
CVE-2021-25112 | 1 I-plugins | 1 Whmcs Bridge | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM | The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and escape the error parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue. |
CVE-2021-4222 | 1 Maxfoundry | 1 Wp-paginate | 2022-03-08 | 3.5 LOW | 4.8 MEDIUM | The WP-Paginate WordPress plugin before 2.1.4 does not sanitise and escape its preset settings, allowing high privilege users such as admins to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
CVE-2022-0150 | 1 Wp Accessibility Helper Project | 1 Wp Accessibility Helper | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM | The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting its base64-decoded value back in the page, leading to a Reflected Cross-Site Scripting issue. |
CVE-2021-34359 | 1 Qnap | 2 Nas Proxy Server, Qts | 2022-03-08 | 3.5 LOW | 5.4 MEDIUM | A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 (2021/12/30) and later. |
CVE-2022-0189 | 1 Wprssaggregator | 1 Wp Rss Aggregator | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM | The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue. |
CVE-2021-34361 | 1 Qnap | 2 Nas Proxy Server, Qts | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 (2021/12/30) and later. |
CVE-2022-24710 | 1 Weblate | 1 Weblate | 2022-03-08 | 3.5 LOW | 5.4 MEDIUM | Weblate is a copyleft web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in the user name and language fields. Due to this improper neutralization it is possible to perform cross-site scripting via these fields. The issues were fixed in the 4.11 release. Users unable to upgrade are advised to add their own neutralization logic. |
CVE-2021-42244 | 1 Notimoo Project | 1 Notimoo | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in PaquitoSoftware Notimoo v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted title or message in a notification. |
CVE-2021-37504 | 1 Hayageek | 1 Jquery Upload File | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a JavaScript payload in the file name. |
CVE-2022-26146 | 1 Tricentis | 1 Qtest | 2022-03-07 | 3.5 LOW | 5.4 MEDIUM | Tricentis qTest before 10.4 allows stored XSS by an authenticated attacker. |
CVE-2022-0772 | 1 Librenms | 1 Librenms | 2022-03-07 | 3.5 LOW | 4.8 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.2.2. |