Total: 44797 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1228 | 1 Opensea Project | 1 Opeansea | 2024-11-21 | 4.8 Medium |
| The Opensea WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, like its "Referer address" field, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-1221 | 1 Gwyn's Imagemap Selector Project | 1 Gwyn's Imagemap Selector | 2024-11-21 | 6.1 Medium |
| The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-1220 | 1 Foxy-shop | 1 Foxyshop | 2024-11-21 | 6.1 Medium |
| The FoxyShop WordPress plugin before 4.8.2 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-1218 | 1 Duogeek | 1 Domain Replace | 2024-11-21 | 6.1 Medium |
| The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-1217 | 1 Custom Tinymce Shortcode Button Project | 1 Custom Tinymce Shortcode Button | 2024-11-21 | 6.1 Medium |
| The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting. | ||||
| CVE-2022-1216 | 1 Advanced Image Sitemap Project | 1 Advanced Image Sitemap | 2024-11-21 | 6.1 Medium |
| The Advanced Image Sitemap WordPress plugin through 1.2 does not sanitise and escape the PHP_SELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting. | ||||
| CVE-2022-1192 | 1 Turn Off All Comments Project | 1 Turn Off All Comments | 2024-11-21 | 6.1 Medium |
| The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-1190 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.7 High |
| Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc. | ||||
| CVE-2022-1181 | 1 Open-emr | 1 Openemr | 2024-11-21 | 5.4 Medium |
| Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2. | ||||
| CVE-2022-1180 | 1 Open-emr | 1 Openemr | 2024-11-21 | 3.5 Low |
| Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. | ||||
| CVE-2022-1179 | 1 Open-emr | 1 Openemr | 2024-11-21 | 5.4 Medium |
| A non-privileged user can create a new rule, leading to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. | ||||
| CVE-2022-1178 | 1 Open-emr | 1 Openemr | 2024-11-21 | 5.4 Medium |
| Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. | ||||
| CVE-2022-1175 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.7 High |
| Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes. | ||||
| CVE-2022-1173 | 1 Getgrav | 1 Grav | 2024-11-21 | 5.4 Medium |
| Stored XSS in GitHub repository getgrav/grav prior to 1.7.33. | ||||
| CVE-2022-1171 | 1 Vertical Scroll Recent Post Project | 1 Vertical Scroll Recent Post | 2024-11-21 | 6.1 Medium |
| The Vertical scroll recent post WordPress plugin before 14.0 does not sanitise and escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-1170 | 1 Nootheme | 1 Jobmonster | 2024-11-21 | 6.1 Medium |
| In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests. | ||||
| CVE-2022-1169 | 1 Eyecix | 1 Careerfy | 2024-11-21 | 6.1 Medium |
| There is a XSS vulnerability in Careerfy. | ||||
| CVE-2022-1168 | 1 Eyecix | 1 Jobsearch Wp Job Board | 2024-11-21 | 6.1 Medium |
| There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1. | ||||
| CVE-2022-1167 | 1 Apusthemes | 1 Careerup | 2024-11-21 | 6.1 Medium |
| There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in CareerUp Careerup WordPress theme before 2.3.1, via the filter parameters. | ||||
| CVE-2022-1164 | 1 Wztechno | 1 Wyzi | 2024-11-21 | 6.1 Medium |
| The Wyzi Theme was affected by reflected XSS vulnerabilities in the business search feature | ||||