Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-4826 | 1 Simple Tooltips Project | 1 Simple Tooltips | 2023-02-13 | N/A | 5.4 MEDIUM |
The Simple Tooltips WordPress plugin before 2.1.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4824 | 1 Essentialplugin | 1 Wp Blog And Widget | 2023-02-13 | N/A | 5.4 MEDIUM |
The WP Blog and Widgets WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4833 | 1 Plugin | 1 Yourchannel | 2023-02-13 | N/A | 5.4 MEDIUM |
The YourChannel: Everything you want in a YouTube plugin WordPress plugin before 1.2.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4836 | 1 Pickplugins | 1 Breadcrumb | 2023-02-13 | N/A | 5.4 MEDIUM |
The Breadcrumb WordPress plugin before 1.5.33 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2023-0072 | 1 Wcvendors | 1 Wc Vendors Marketplace | 2023-02-13 | N/A | 5.4 MEDIUM |
The WC Vendors Marketplace WordPress plugin before 2.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0062 | 1 Wpfactory | 1 Ean For Woocommerce | 2023-02-13 | N/A | 5.4 MEDIUM |
The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4838 | 1 Codection | 1 Clean Login | 2023-02-13 | N/A | 5.4 MEDIUM |
The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2023-0082 | 1 Exactmetrics | 1 Exactmetrics | 2023-02-13 | N/A | 5.4 MEDIUM |
The ExactMetrics WordPress plugin before 7.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0081 | 1 Monsterinsights | 1 Monsterinsights | 2023-02-13 | N/A | 5.4 MEDIUM |
The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0095 | 1 A3rev | 1 Page View Count | 2023-02-13 | N/A | 5.4 MEDIUM |
The Page View Count WordPress plugin before 2.6.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0096 | 1 Happyforms | 1 Happyforms | 2023-02-13 | N/A | 5.4 MEDIUM |
The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2019-16172 | 1 Limesurvey | 1 Limesurvey | 2023-02-13 | 3.5 LOW | 5.4 MEDIUM |
LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript that is mishandled upon group deletion. | |||||
CVE-2019-16173 | 1 Limesurvey | 1 Limesurvey | 2023-02-13 | 3.5 LOW | 5.4 MEDIUM |
LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php, | |||||
CVE-2019-16392 | 3 Canonical, Debian, Spip | 3 Ubuntu Linux, Debian Linux, Spip | 2023-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages. | |||||
CVE-2021-37378 | 1 Teradke | 4 Cube, Cube Firmware, Cube Pro and 1 more | 2023-02-13 | N/A | 5.4 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Cube and Cube Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmware updates to address this issue. | |||||
CVE-2021-37377 | 1 Teradek | 2 Brik, Brik Firmware | 2023-02-13 | N/A | 5.4 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Brik firmware version 7.2.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmware updates to address this issue. | |||||
CVE-2021-37376 | 1 Teradek | 6 Bond, Bond 2, Bond 2 Firmware and 3 more | 2023-02-13 | N/A | 5.4 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Bond, Bond 2 and Bond Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmware updates to address this issue. | |||||
CVE-2021-37379 | 1 Teradek | 2 Sphere, Sphere Firmware | 2023-02-13 | N/A | 5.4 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Sphere all firmware versions allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmware updates to address this issue. | |||||
CVE-2021-37375 | 1 Teradek | 4 Vidiu, Vidiu Firmware, Vidiu Mini and 1 more | 2023-02-13 | N/A | 5.4 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek VidiU / VidiU Mini firmware version 3.0.8 and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmware updates to address this issue. | |||||
CVE-2022-48085 | 1 Softr | 1 Softr | 2023-02-13 | N/A | 5.4 MEDIUM |
Softr v2.0 was discovered to contain an HTML injection vulnerability via the Work Space Name parameter. |