Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-25506 | 1 Freetakserver-ui Project | 1 Freetakserver-ui | 2022-03-22 | 4.0 MEDIUM | 6.5 MEDIUM |
FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser. | |||||
CVE-2022-25507 | 1 Freetakserver-ui Project | 1 Freetakserver-ui | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM |
FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter. | |||||
CVE-2022-22344 | 1 Ibm | 1 Spectrum Copy Data Management | 2022-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 220038 | |||||
CVE-2021-39055 | 1 Ibm | 1 Spectrum Copy Data Management | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM |
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214534. | |||||
CVE-2021-39051 | 1 Ibm | 1 Spectrum Copy Data Management | 2022-03-22 | 6.4 MEDIUM | 6.5 MEDIUM |
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services that are running on those hosts. IBM X-Force ID: 214441. | |||||
CVE-2022-0962 | 1 Showdoc | 1 Showdoc | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS via .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4. | |||||
CVE-2022-0648 | 1 I13websolution | 1 Team Circle Image Slider With Lightbox | 2022-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the order_pos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-0601 | 1 Edmonsoft | 1 Countdown, Coming Soon, Maintenance - Countdown & Clock | 2022-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-0593 | 1 Idehweb | 1 Login With Phone Number | 2022-03-21 | 6.4 MEDIUM | 6.5 MEDIUM |
The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated user to remotely delete the plugin files leading to a potential Denial of Service situation. | |||||
CVE-2022-0503 | 1 Obtaininfotech | 1 Multisite Content Copier/updater | 2022-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.2 does not sanitise and escape the s parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in the network dashboard | |||||
CVE-2022-0478 | 1 Mage-people | 1 Event Manager And Tickets Selling For Woocommerce | 2022-03-21 | 6.5 MEDIUM | 8.8 HIGH |
The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when creating/editing events, which could allow users with a role as low as contributor to perform SQL Injection attacks | |||||
CVE-2022-0449 | 1 Odude | 1 Flexi | 2022-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Flexi WordPress plugin before 4.20 does not sanitise and escape various parameters before outputting them back in some pages such as the user dashboard, leading to a Reflected Cross-Site Scripting | |||||
CVE-2022-0399 | 1 Berocket | 1 Advanced Product Labels For Woocommerce | 2022-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action's response, leading to a Reflected Cross-Site Scripting | |||||
CVE-2022-0327 | 1 Jeweltheme | 1 Master Addons For Elementor | 2022-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the error_message parameter before outputting it back in the response of the jltma_restrict_content AJAX action, available to unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting | |||||
CVE-2022-0254 | 1 Highfivery | 1 Zero-spam | 2022-03-21 | 7.5 HIGH | 9.8 CRITICAL |
The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection | |||||
CVE-2022-0954 | 1 Microweber | 1 Microweber | 2022-03-21 | 3.5 LOW | 5.4 MEDIUM |
Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11. | |||||
CVE-2021-45010 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2022-03-21 | 6.5 MEDIUM | 8.8 HIGH |
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution. | |||||
CVE-2022-0894 | 1 Pimcore | 1 Pimcore | 2022-03-21 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | |||||
CVE-2022-0893 | 1 Pimcore | 1 Pimcore | 2022-03-21 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | |||||
CVE-2022-0951 | 1 Showdoc | 1 Showdoc | 2022-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4. |