Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2012-10002 | 1 Rivettracker Project | 1 Rivettracker | 2023-01-09 | N/A | 6.1 MEDIUM | A vulnerability was found in ahmyi RivetTracker. It has been declared as problematic. Affected by this vulnerability is the function changeColor of the file css.php. The manipulation of the argument set_css leads to cross site scripting. The attack can be launched remotely. The name of the patch is 45a0f33876d58cb7e4a0f17da149e58fc893b858. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217267.
CVE-2022-46181 | 1 Gotify | 1 Server | 2023-01-09 | N/A | 5.4 MEDIUM | Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts **if** another user opened a link. The attacker could potentially take over the account of the user that clicked the link. The Gotify UI won't natively expose such a malicious link, so an attacker has to get the user to open the malicious link in a context outside of Gotify. The vulnerability has been fixed in version 2.2.2. As a workaround, you can block access to non-image files via a reverse proxy in the `./image` directory.
CVE-2022-4329 | 1 Product List Widget For Woocommerce Project | 1 Product List Widget For Woocommerce | 2023-01-09 | N/A | 6.1 MEDIUM | The Product list Widget for Woocommerce WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (such as a high-privilege one like admin).
CVE-2022-4362 | 1 Code-atlantic | 1 Popup Maker | 2023-01-09 | N/A | 5.4 MEDIUM | The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
CVE-2022-4369 | 1 Wplite | 1 Wp-lister Lite For Amazon | 2023-01-09 | N/A | 6.1 MEDIUM | The WP-Lister Lite for Amazon WordPress plugin before 2.4.4 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high-privilege users such as admin.
CVE-2022-4381 | 1 Code-atlantic | 1 Popup Maker | 2023-01-09 | N/A | 5.4 MEDIUM | The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
CVE-2022-4142 | 1 Wordpress Filter Gallery Project | 1 Wordpress Filter Gallery | 2023-01-09 | N/A | 4.8 MEDIUM | The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 does not properly escape the filters passed in the ufg_gallery_filters ajax action before outputting them on the page, allowing a high privileged user such as an administrator to inject HTML or javascript into the plugin settings page, even when the unfiltered_html capability is disabled.
CVE-2022-4198 | 1 Wp Social Sharing Project | 1 Wp Social Sharing | 2023-01-09 | N/A | 4.8 MEDIUM | The WP Social Sharing WordPress plugin through 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2022-4200 | 1 Miniorange | 1 Login With Cognito | 2023-01-09 | N/A | 4.8 MEDIUM | The Login with Cognito WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2022-0801 | 1 Google | 1 Chrome | 2023-01-09 | N/A | 6.1 MEDIUM | Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium)
CVE-2022-4256 | 1 Themesgrove | 1 All-in-one Addons For Elementor | 2023-01-09 | N/A | 4.8 MEDIUM | The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2022-4260 | 1 Wp-ban Project | 1 Wp-ban | 2023-01-09 | N/A | 4.8 MEDIUM | The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2015-10010 | 1 Cisco | 1 Openresolve | 2023-01-09 | N/A | 6.1 MEDIUM | A vulnerability was found in OpenDNS OpenResolve. It has been rated as problematic. Affected by this issue is the function get of the file resolverapi/endpoints.py of the component API. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is c680170d5583cd9342fe1af43001fe8b2b8004dd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217196.
CVE-2022-3936 | 1 Wpdarko | 1 Team Members | 2023-01-09 | N/A | 4.8 MEDIUM | The Team Members WordPress plugin before 5.2.1 does not sanitize and escape some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).
CVE-2022-48197 | 1 Yui Project | 1 Yui | 2023-01-09 | N/A | 6.1 MEDIUM | ** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php newnode.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2022-4114 | 1 Apusthemes | 1 Superio | 2023-01-09 | N/A | 5.4 MEDIUM | The Superio WordPress theme does not sanitise and escape some parameters, which could allow users with a role as low as a subscriber to perform Cross-Site Scripting attacks.
CVE-2014-125035 | 1 Jobs-plugin Project | 1 Jobs-plugin | 2023-01-09 | N/A | 6.1 MEDIUM | A vulnerability classified as problematic was found in Jobs-Plugin. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The name of the patch is b8a56718b1d42834c6ec51d9c489c5dc20471d7b. It is recommended to apply a patch to fix this issue. The identifier VDB-217189 was assigned to this vulnerability.
CVE-2019-25093 | 1 Recent Threads On Index Project | 1 Recent Threads On Index | 2023-01-09 | N/A | 5.4 MEDIUM | A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 051465d807a8fcc6a8b0f4bcbb19299672399f48. It is recommended to apply a patch to fix this issue. VDB-217182 is the identifier assigned to this vulnerability.
CVE-2022-4119 | 1 Sirv | 1 Image Optimizer, Resizer And Cdn | 2023-01-09 | N/A | 4.8 MEDIUM | The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2015-10006 | 1 Ingnovarq Project | 1 Ingnovarq | 2023-01-09 | N/A | 6.1 MEDIUM | A vulnerability, which was classified as problematic, has been found in admont28 Ingnovarq. Affected by this issue is some unknown functionality of the file app/controller/insertarSliderAjax.php. The manipulation of the argument imagetitle leads to cross site scripting. The attack may be launched remotely. The name of the patch is 9d18a39944d79dfedacd754a742df38f99d3c0e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217172.