Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-24948 | 1 Apache | 1 Jspwiki | 2022-03-03 | 4.3 MEDIUM | 6.1 MEDIUM |
Carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.2 or later. | |||||
CVE-2022-0710 | 1 Draftpress | 1 Header Footer Code Manager | 2022-03-03 | 4.3 MEDIUM | 6.1 MEDIUM |
The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter. | |||||
CVE-2022-0683 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2022-03-03 | 4.3 MEDIUM | 6.1 MEDIUM |
The Essential Addons for Elementor Lite WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the settings parameter found in the ~/includes/Traits/Helper.php file, which allows attackers to inject arbitrary web scripts onto a page that execute whenever a user clicks on a link specially crafted by an attacker. This affects versions up to and including 5.0.8. | |||||
CVE-2022-0653 | 1 Cozmoslabs | 1 Profile Builder | 2022-03-03 | 4.3 MEDIUM | 6.1 MEDIUM |
The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file, which allows attackers to inject arbitrary web scripts onto a page that execute whenever a user clicks on a link specially crafted by an attacker. This affects versions up to and including 3.6.1. | |||||
CVE-2022-25305 | 1 Veronalabs | 1 Wp Statistics | 2022-03-03 | 4.3 MEDIUM | 6.1 MEDIUM |
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the ~/includes/class-wp-statistics-ip.php file, which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a site's statistics, in versions up to and including 13.1.5. | |||||
CVE-2022-25306 | 1 Veronalabs | 1 Wp Statistics | 2022-03-03 | 4.3 MEDIUM | 6.1 MEDIUM |
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php file, which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a site's statistics, in versions up to and including 13.1.5. | |||||
CVE-2022-25307 | 1 Veronalabs | 1 Wp Statistics | 2022-03-03 | 4.3 MEDIUM | 6.1 MEDIUM |
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php file, which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a site's statistics, in versions up to and including 13.1.5. | |||||
CVE-2021-44608 | 1 Bloofox | 1 Bloofoxcms | 2022-03-03 | 3.5 LOW | 5.4 MEDIUM |
Multiple Cross Site Scripting (XSS) vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) file parameter and (2) type parameter in an edit action in index.php. | |||||
CVE-2021-44607 | 1 Thedaylightstudio | 1 Fuel Cms | 2022-03-03 | 3.5 LOW | 5.4 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file. | |||||
CVE-2021-44566 | 1 Rosariosis | 1 Rosariosis | 2022-03-02 | 3.5 LOW | 5.4 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php. | |||||
CVE-2021-44565 | 1 Rosariosis | 1 Rosariosis | 2022-03-02 | 3.5 LOW | 5.4 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. For example, all Markdown input fields are affected components. | |||||
CVE-2021-44662 | 1 Nottingham.ac | 1 Xerte Online Toolkits | 2022-03-02 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in the Xerte Project Xerte through 3.8.4 via the link parameter in print.php. | |||||
CVE-2021-43724 | 1 Intelliants | 1 Subrion Cms | 2022-03-02 | 3.5 LOW | 4.8 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file. | |||||
CVE-2022-24620 | 1 Piwigo | 1 Piwigo | 2022-03-02 | 3.5 LOW | 5.4 MEDIUM |
Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. In this way, an admin can steal the webmaster's cookies to get the webmaster's access. | |||||
CVE-2022-24582 | 1 Accounting Journal Management Project | 1 Accounting Journal Management | 2022-03-02 | 3.5 LOW | 5.4 MEDIUM |
Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijacking. The parameter manage_user from User lists is vulnerable to XSS-Stored and PHPSESSID attacks. The malicious user can attack the system by using the session which he already has, from inside and outside of the network. | |||||
CVE-2022-24566 | 1 Tribe29 | 1 Checkmk | 2022-03-02 | 3.5 LOW | 5.4 MEDIUM |
In Checkmk <=2.0.0p19 (fixed in 2.0.0p20) and Checkmk <=1.6.0p27 (fixed in 1.6.0p28), the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS). | |||||
CVE-2022-24565 | 1 Tribe29 | 1 Checkmk | 2022-03-02 | 3.5 LOW | 5.4 MEDIUM |
Checkmk <=2.0.0p19 (fixed in 2.0.0p20) and Checkmk <=1.6.0p27 (fixed in 1.6.0p28) are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications. | |||||
CVE-2022-24435 | 1 Phpuploader Project | 1 Phpuploader | 2022-03-02 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in phpUploader v1.2 and earlier allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
CVE-2022-24564 | 1 Tribe29 | 1 Checkmk | 2022-03-02 | 4.3 MEDIUM | 6.1 MEDIUM |
Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing a user. | |||||
CVE-2022-24374 | 1 Appleple | 1 A-blog Cms | 2022-03-02 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-23916. |