Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38467 | 1 Crmperks | 1 Crm Perks Forms | 2023-01-24 | N/A | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms – WordPress Form Builder <= 1.1.0 ver. | |||||
| CVE-2022-4442 | 1 Cozmoslabs | 1 Custom Post Types And Custom Fields Creator | 2023-01-24 | N/A | 4.8 MEDIUM |
| The Custom Post Types and Custom Fields creator WordPress plugin before 2.3.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | |||||
| CVE-2022-4431 | 1 Pluginus | 1 Fox - Currency Switcher Professional For Woocommerce | 2023-01-24 | N/A | 5.4 MEDIUM |
| The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2022-39195 | 1 Lsoft | 1 Listserv | 2023-01-24 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the c parameter. | |||||
| CVE-2022-40704 | 1 Phoronix-media | 1 Phoronix Test Suite | 2023-01-24 | N/A | 6.1 MEDIUM |
| A XSS vulnerability was found in phoromatic_r_add_test_details.php in phoronix-test-suite. | |||||
| CVE-2022-4320 | 1 Mhsoftware | 1 Wordpress Events Calendar Plugin | 2023-01-24 | N/A | 6.1 MEDIUM |
| The WordPress Events Calendar WordPress plugin before 1.4.5 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (such as high-privilege ones like admin). | |||||
| CVE-2022-4299 | 1 Metricool | 1 Metricool | 2023-01-24 | N/A | 4.8 MEDIUM |
| The Metricool WordPress plugin before 1.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2010-10008 | 1 Simplesamlphp | 1 Simplesamlphp-module-openidprovider | 2023-01-24 | N/A | 5.4 MEDIUM |
| ** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file templates/trust.tpl.php. The manipulation of the argument StateID leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.9.0 is able to address this issue. The name of the patch is 8365d48c863cf06ccf1465cc0a161cefae29d69d. It is recommended to upgrade the affected component. The identifier VDB-218473 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2015-10058 | 1 Mediawiki | 1 Wikisource Category Browser | 2023-01-24 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Wikisource Category Browser. This affects an unknown part of the file index.php. The manipulation of the argument lang leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 764f4e8ce3f9242637df77530c70ae8a2ec4b6a1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218415. | |||||
| CVE-2015-10059 | 1 Webapplication-veganguide Project | 1 Webapplication-veganguide | 2023-01-24 | N/A | 6.1 MEDIUM |
| A vulnerability has been found in s134328 Webapplication-Veganguide and classified as problematic. This vulnerability affects unknown code of the file p05-integration/app/shared/api/apiService.js. The manipulation of the argument country/city leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 2aa760fa4e779e40a28206a32ac22ac10356f519. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218416. | |||||
| CVE-2022-4571 | 1 Castos | 1 Seriously Simple Podcasting | 2023-01-24 | N/A | 5.4 MEDIUM |
| The Seriously Simple Podcasting WordPress plugin before 2.19.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2022-4578 | 1 Video Conferencing With Zoom Project | 1 Video Conferencing With Zoom | 2023-01-24 | N/A | 5.4 MEDIUM |
| The Video Conferencing with Zoom WordPress plugin before 4.0.10 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2022-4658 | 1 Rssimport Project | 1 Rssimport | 2023-01-24 | N/A | 5.4 MEDIUM |
| The RSSImport WordPress plugin through 4.6.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | |||||
| CVE-2022-4655 | 1 Collne | 1 Welcart E-commerce | 2023-01-24 | N/A | 5.4 MEDIUM |
| The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack. | |||||
| CVE-2019-16295 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 1.9 LOW | 4.6 MEDIUM |
| Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This can be exploited by a local attacker who supplies a crafted filename within a directory visited by the victim. | |||||
| CVE-2019-12190 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 3.5 LOW | 5.4 MEDIUM |
| XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter. | |||||
| CVE-2019-11429 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 3.5 LOW | 4.8 MEDIUM |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions > "Add DNS Zone" screen. | |||||
| CVE-2019-7646 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 3.5 LOW | 4.8 MEDIUM |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter. | |||||
| CVE-2018-5961 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file. | |||||
| CVE-2018-18774 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter. | |||||