Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-4197 | 10web | Slider | 2023-01-04 | N/A | 4.8 MEDIUM | The Slider by 10Web WordPress plugin before 1.2.53 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
CVE-2022-4267 | Speakdigital | Bulk Delete Users By Email | 2023-01-04 | N/A | 6.1 MEDIUM | The Bulk Delete Users by Email WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting.
CVE-2022-4243 | Wpscoop | Imageinject | 2023-01-04 | N/A | 4.8 MEDIUM | The ImageInject WordPress plugin through TODO does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
CVE-2022-4242 | Ljapps | WP Google Review Slider | 2023-01-04 | N/A | 4.8 MEDIUM | The WP Google Review Slider WordPress plugin before 11.6 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
CVE-2022-4735 | Dash-live Project | Dash-live | 2023-01-04 | N/A | 6.1 MEDIUM | A vulnerability classified as problematic was found in asrashley dash-live. It affects the function ready of the file static/js/media.js in the DOM Node Handler component. The manipulation leads to cross-site scripting, and the attack can be initiated remotely. The patch is commit 24d01757a5319cc14c4aa1d8b53d1ab24d48e451; applying it is recommended. VDB-216766 is the identifier assigned to this vulnerability.
CVE-2022-4731 | Myapnea | Myapnea | 2023-01-04 | N/A | 5.4 MEDIUM | A vulnerability classified as problematic was found in myapnea up to 29.0.x. It affects an unknown function of the Title Handler component. The manipulation leads to cross-site scripting, and the attack can be launched remotely. Upgrading to version 29.1.0 addresses this issue; the patch is commit 99934258530d761bd5d09809bfa6c14b598f8d18. VDB-216750 is the identifier assigned to this vulnerability.
CVE-2022-45890 | Planetestream | Planet Estream | 2023-01-04 | N/A | 6.1 MEDIUM | In Planet eStream before 6.72.10.07, a Reflected Cross-Site Scripting (XSS) vulnerability exists via any metadata filter field (e.g., search within Default.aspx with the r or fo parameter).
CVE-2022-45892 | Planetestream | Planet Estream | 2023-01-04 | N/A | 5.4 MEDIUM | In Planet eStream before 6.72.10.07, multiple Stored Cross-Site Scripting (XSS) vulnerabilities exist in: Disclaimer, Search Function, Comments, Batch editing tool, Content Creation, Related Media, Create new user, and Change Username.
CVE-2022-34473 | Mozilla | Firefox | 2023-01-04 | N/A | 6.1 MEDIUM | The HTML Sanitizer sanitized the `href` attribute of SVG `<use>` tags but incorrectly did not sanitize `xlink:href` attributes, which browsers honour as the same reference. This vulnerability affects Firefox < 102.
CVE-2022-34475 | Mozilla | Firefox | 2023-01-04 | N/A | 6.1 MEDIUM | SVG `<use>` tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This required the attacker to reference a same-origin JavaScript file containing the script to be executed. This vulnerability affects Firefox < 102.
CVE-2022-45411 | Mozilla | Firefox, Firefox ESR, Thunderbird | 2023-01-04 | N/A | 6.1 MEDIUM | Cross-Site Tracing occurs when a server echoes a request back via the TRACE method, allowing an XSS attack to read authorization headers and cookies that are inaccessible to JavaScript (such as cookies protected by HttpOnly). To mitigate this attack, browsers placed limits on `fetch()` and XMLHttpRequest; however, some web servers implement non-standard headers such as `X-Http-Method-Override` that override the HTTP method, making the attack possible again. Thunderbird has applied the same mitigations to the use of this and similar headers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CVE-2022-4736 | Venganzasdelpasado | Venganzas Del Pasado | 2023-01-03 | N/A | 6.1 MEDIUM | A vulnerability classified as problematic was found in Venganzas del Pasado. It affects some unknown functionality; manipulation of the argument the_title leads to cross-site scripting, and the attack may be launched remotely. The patch is commit 62339b2ec445692c710b804bdf07aef4bd247ff7; applying it is recommended. VDB-216770 is the identifier assigned to this vulnerability.
CVE-2022-4740 | Keking | kkFileView | 2023-01-03 | N/A | 6.1 MEDIUM | A vulnerability classified as problematic was found in kkFileView. It affects the function setWatermarkAttribute of the file /picturesPreview. The manipulation leads to cross-site scripting, and the attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-216776 is the identifier assigned to this vulnerability.
CVE-2021-44855 | Mediawiki | Mediawiki | 2023-01-03 | N/A | 5.4 MEDIUM | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature.
CVE-2022-37307 | Open-xchange | Open-xchange Appsuite | 2023-01-03 | N/A | 6.1 MEDIUM | OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature.
CVE-2022-29852 | Open-xchange | Open-xchange Appsuite | 2023-01-03 | N/A | 5.4 MEDIUM | OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked.
CVE-2022-29853 | Open-xchange | Open-xchange Appsuite | 2023-01-03 | N/A | 5.4 MEDIUM | OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message.
CVE-2022-31743 | Mozilla | Firefox | 2023-01-03 | N/A | 6.5 MEDIUM | Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. This vulnerability affects Firefox < 101.
CVE-2022-37308 | Open-xchange | Open-xchange Appsuite | 2023-01-03 | N/A | 6.1 MEDIUM | OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages.
CVE-2022-37309 | Open-xchange | Open-xchange Appsuite | 2023-01-03 | N/A | 6.1 MEDIUM | OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name.