Export limit exceeded: 45937 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 47131 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47131 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-2113 1 Inventree Project 1 Inventree 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.7.2.
CVE-2022-2100 1 Wpzinc 1 Page Generator 2024-11-21 4.8 Medium
The Page Generator WordPress plugin before 1.6.5 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-2093 1 Ninjateam 1 Wp Duplicate Page 2024-11-21 4.8 Medium
The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
CVE-2022-2092 1 Wpovernight 1 Woocommerce Pdf Invoices\& Packing Slips 2024-11-21 6.1 Medium
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks.
CVE-2022-2090 1 Flycart 1 Discount Rules For Woocommerce 2024-11-21 6.1 Medium
The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting
CVE-2022-2089 1 Bold-themes 1 Bold Page Builder 2024-11-21 4.8 Medium
The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
CVE-2022-2072 1 Name Directory Project 1 Name Directory 2024-11-21 6.1 Medium
The Name Directory WordPress plugin before 1.25.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS as well
CVE-2022-2066 1 Facturascripts 1 Facturascripts 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.06.
CVE-2022-2065 1 Facturascripts 1 Facturascripts 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06.
CVE-2022-2060 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.
CVE-2022-2059 1 Pandorafms 1 Pandora Fms 2024-11-21 3.5 Low
In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.
CVE-2022-2050 1 Maxfoundry 1 Wp-paginate 2024-11-21 4.8 Medium
The WP-Paginate WordPress plugin before 2.1.9 does not escape one of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed
CVE-2022-2036 1 Rosariosis 1 Rosariosis 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1.
CVE-2022-2035 1 Ltgplc 1 Rustici Software Scorm Engine 2024-11-21 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. The issue exists because there are no limitations on the domain or format of the url supplied by the user, allowing an attacker to craft malicious urls which can trigger a reflected XSS payload in the context of a victim's browser.
CVE-2022-2032 1 Pandorafms 1 Pandora Fms 2024-11-21 3.5 Low
In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.
CVE-2022-2029 1 Kromit 1 Titra 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0.
CVE-2022-2028 1 Kromit 1 Titra 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0.
CVE-2022-2026 1 Kromit 1 Titra 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0.
CVE-2022-2016 1 Facturascripts 1 Facturascripts 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1.
CVE-2022-2015 1 Diagrams 1 Drawio 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2.