Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-46871 | 1 Phoenixframework | 1 Phoenix Html | 2023-01-13 | N/A | 6.1 MEDIUM | tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows XSS in HEEx class attributes.
CVE-2022-4882 | 1 Kaltura | 1 Mwembed | 2023-01-13 | N/A | 6.1 MEDIUM | A vulnerability was found in kaltura mwEmbed up to 2.91. It has been rated as problematic. Affected by this issue is some unknown functionality of the file modules/KalturaSupport/components/share/share.js of the component Share Plugin. The manipulation of the argument res leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.92.rc1 is able to address this issue. The name of the patch is 4f11b6f6610acd6d89de5f8be47cf7c610643845. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217664.
CVE-2021-4310 | 1 01-scripts | 1 01-artikelsystem | 2023-01-13 | N/A | 6.1 MEDIUM | A vulnerability was found in 01-Scripts 01-Artikelsystem. It has been classified as problematic. Affected is an unknown function of the file 01article.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is ae849b347a58c2cb1be38d04bbe56fc883d5d84a. It is recommended to apply a patch to fix this issue. VDB-217662 is the identifier assigned to this vulnerability.
CVE-2022-4710 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2023-01-12 | N/A | 6.1 MEDIUM | The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to insufficient input sanitization and output escaping of the 'wpr_ajax_search_link_target' parameter in the 'data_fetch' function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is occurring because 'sanitize_text_field' is insufficient to prevent attribute-based Cross-Site Scripting.
CVE-2023-0162 | 1 Machothemes | 1 Cpo Companion | 2023-01-12 | N/A | 4.8 MEDIUM | The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its content type settings parameters in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2022-3855 | 1 404 To Start Project | 1 404 To Start | 2023-01-12 | N/A | 4.8 MEDIUM | The 404 to Start WordPress plugin through 1.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2022-4391 | 1 Vision Interactive Project | 1 Vision Interactive | 2023-01-12 | N/A | 5.4 MEDIUM | The Vision Interactive For WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-4392 | 1 Ipanorama 360 Wordpress Virtual Tour Builder Project | 1 Ipanorama 360 Wordpress Virtual Tour Builder | 2023-01-12 | N/A | 5.4 MEDIUM | The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2023-0125 | 1 Control Id Panel Project | 1 Control Id Panel | 2023-01-12 | N/A | 6.1 MEDIUM | A vulnerability was found in Control iD Panel. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation of the argument Nome leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217717 was assigned to this vulnerability.
CVE-2022-4374 | 1 Bg Bible References Project | 1 Bg Bible References | 2023-01-12 | N/A | 6.1 MEDIUM | The Bg Bible References WordPress plugin through 3.8.14 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
CVE-2022-4368 | 1 Cpkwebsolutions | 1 Wp Csv | 2023-01-12 | N/A | 6.1 MEDIUM | The WP CSV WordPress plugin through 1.8.0.0 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, and does not have CSRF checks in place as well, leading to a Reflected Cross-Site Scripting.
CVE-2022-4325 | 1 Ifeelweb | 1 Post Status Notifier Lite | 2023-01-12 | N/A | 6.1 MEDIUM | The Post Status Notifier Lite WordPress plugin before 1.10.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high privilege users such as admin.
CVE-2022-4301 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2023-01-12 | N/A | 6.1 MEDIUM | The Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
CVE-2022-4196 | 1 Mondula | 1 Multi Step Form | 2023-01-12 | N/A | 4.8 MEDIUM | The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2022-4393 | 1 Imagelinks Interactive Image Builder Project | 1 Imagelinks Interactive Image Builder | 2023-01-12 | N/A | 5.4 MEDIUM | The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-46603 | 1 Inkdrop | 1 Inkdrop | 2023-01-12 | N/A | 6.1 MEDIUM | An issue in Inkdrop v5.4.1 allows attackers to execute arbitrary commands via uploading a crafted markdown file.
CVE-2022-4310 | 1 Wp-slimstat | 1 Slimstat Analytics | 2023-01-12 | N/A | 6.1 MEDIUM | The Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise and escape the URI when logging requests, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged in admins viewing the logs.
CVE-2022-4394 | 1 Ipages Flipbook Project | 1 Ipages Flipbook | 2023-01-12 | N/A | 5.4 MEDIUM | The iPages Flipbook For WordPress plugin through 1.4.6 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-4497 | 1 Automattic | 1 Jetpack Crm | 2023-01-12 | N/A | 5.4 MEDIUM | The Jetpack CRM WordPress plugin before 5.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CVE-2022-4468 | 1 Bootstrapped | 1 Wp Recipe Maker | 2023-01-12 | N/A | 5.4 MEDIUM | The WP Recipe Maker WordPress plugin before 8.6.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.