CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Low | Survey Sparrow Enterprise Survey Software 2022 Cross Site Scripting | 19.05.2022 | Pankaj Kumar Thakur |
| Low | Emby Media Server 4.7.0.60 Cross Site Scripting | 19.05.2022 | Yehia Elghaly |
| Low | T-Soft E-Commerce 4 Cross Site Scripting | 17.05.2022 | Alperen Ergel |
| Low | Cyclos 4.14.7 groupId DOM Based Cross-Site Scripting (XSS) | 17.05.2022 | Tin Pham |
| Low | Showdoc 2.10.3 Stored Cross-Site Scripting (XSS) | 17.05.2022 | Akshay Ravi |
| High | e107 CMS 3.2.1 Arbitrary File Upload / Cross Site Scripting | 11.05.2022 | Hubert Wojciechowski |
| Low | WordPress Stafflist 3.1.2 Cross Site Scripting | 03.05.2022 | Hassan Khan Yusufzai |
| Low | Gitlab 14.9 Cross Site Scripting | 26.04.2022 | stacksmashing |
| Low | WordPress Coru LFMember 1.0.2 Cross Site Scripting | 26.04.2022 | Mariam Tariq |
| Low | WordPress WP-Invoice 4.3.1 Cross Site Scripting | 26.04.2022 | Mariam Tariq |
| Low | WordPress Videos Sync PDF 1.7.4 Cross Site Scripting | 24.04.2022 | UnD3sc0n0c1d0 |
| Low | WordPress Popup Maker 1.16.5 Cross Site Scripting | 24.04.2022 | Roel van Beurden |
| Low | PKP Open Journals System 3.3 Cross Site Scripting | 19.04.2022 | Hemant Kashyap |
| Low | Delta Controls enteliTOUCH 3.40.3935 Cross Site Scripting | 17.04.2022 | LiquidWorm |
| Low | ICT Protege GX/WX 2.08 Stored Cross-Site Scripting (XSS) | 11.04.2022 | LiquidWorm |
| Low | WordPress Anti-Malware Security And Brute-Force Firewall Cross Site Scripting | 11.04.2022 | Taurus Omar |
| Low | AeroCMS 0.0.1 Cross Site Scripting | 08.04.2022 | D4rkP0w4r |
| Low | Reprise License Manager 14.2 Cross Site Scripting / Information Disclosure | 08.04.2022 | Giulia Melotti Garibal... |
| Low | Social Codia SMS 1 Cross Site Scripting | 08.04.2022 | D4rkP0w4r |
| Low | minewebcms 1.15.2 Cross Site Scripting | 07.04.2022 | Chetanya Sharma |
| Low | Opmon 9.11 Cross Site Scripting | 07.04.2022 | p3tryx |
| Low | WordPress CleanTalk 5.173 Cross Site Scripting | 01.04.2022 | Ramuel Gall |
| Low | WordPress Uleak Security Dashboard 1.2.3 Cross Site Scripting | 01.04.2022 | Hassan Khan Yusufzai |
| Low | Message System 1.0 Cross Site Scripting | 31.03.2022 | Hejap Zairy |
| Low | WordPress Easy Cookie Policy 1.6.2 Cross Site Scripting | 30.03.2022 | 0xB9 |
| Low | WordPress Donorbox-Donation-Form 7.1.6 Cross Site Scripting | 30.03.2022 | Hassan Khan Yusufzai |
| Low | WordPress Clipr 1.2.3 Cross Site Scripting | 30.03.2022 | Hassan Khan Yusufzai |
| Low | SAP Knowledge Warehouse 7.50 / 7.40 / 7.31 / 7.30 Cross Site Scripting | 24.03.2022 | Julien Ahrens |
| Low | WordPress Akismet Spam Protection 4.2.2 Cross Site Scripting | 24.03.2022 | Milad Karimi |
| Low | Drupal Avatar Upload 7.x-1.0-beta8 Cross Site Scripting | 24.03.2022 | Milad Karimi |
| Med. | OX App Suite 7.10.5 Cross Site Scripting | 22.03.2022 | Martin Heiland |
| Low | ICT Protege GX/WX 2.08 Cross Site Scripting | 22.03.2022 | LiquidWorm |
| Low | Simple Mobile Comparison Website 1.0 Cross Site Scripting | 18.03.2022 | Ayedh AlQahtani |
| Low | BuilderTorCTPHPRAT.b Cross Site Scripting | 17.03.2022 | malvuln |
| Low | DEOS AG OPEN 710/810 Cross Site Scripting | 10.03.2022 | n4pst3r |
| Low | Zyxel ZyWALL 2 Plus Cross Site Scripting | 04.03.2022 | Momen Eldawakhly |
| Low | Cipi Control Panel 3.1.15 Cross Site Scripting | 03.03.2022 | Fikrat Ghuliev |
| Low | WordPress Photoswipe Masonry Gallery 1.2.14 Cross Site Scripting | 26.02.2022 | Chloe Chamberland |
| Low | Network Video Recorder NVR304-16EP Reflected Cross-Site Scripting (XSS) (Unauthenticated) | 23.02.2022 | Luis Martinez |
| Low | WordPress 99robots Header Footer Code Manager 1.1.16 Cross Site Scripting | 22.02.2022 | Ramuel Gall |
| Low | Agirhnet 1.0 Cross Site Scripting | 22.02.2022 | Daniel Martinez Adan |
| Med. | Car Portal Template Cross Site Scripting | 20.02.2022 | Vulnerability Laborato... |
| Low | Fortinet Fortimail 7.0.1 Cross Site Scripting | 20.02.2022 | Braiant Giraldo Villa |
| Low | WordPress Cozmoslabs Profile Builder 3.6.1 Cross Site Scripting | 17.02.2022 | Chloe Chamberland |
| High | Zyxel Buffer Overflow / File Disclosure / CSRF / XSS / Broken Access Control | 17.02.2022 | Stefan Viehbock |
| Low | MartFury Marketplace Cross Site Scripting | 17.02.2022 | Vulnerability Laborato... |
| Low | Network Video Recorder NVR304-16EP Cross Site Scripting | 16.02.2022 | Luis Martinez |
| Low | WordPress Plugin Post Grid 2.1.1 Cross Site Scripting (XSS) | 14.02.2022 | 0xB9 |
| Low | WordPress Plugin CP Blocks 1.0.14 Stored Cross Site Scripting (XSS) | 09.02.2022 | Shweta Mahajan |
| Low | WordPress Plugin Product Slider for WooCommerce 1.13.21 Cross Site Scripting (XSS) | 08.02.2022 | 0xB9 |
| Low | WordPress CP Blocks 1.0.14 Cross Site Scripting | 08.02.2022 | Shweta Mahajan |
| Low | WordPress Security Audit 1.0.0 Cross Site Scripting | 08.02.2022 | Shweta Mahajan |
| Med. | Shopmetrics Mystery Shopping Software Broken Access Control / XSS | 07.02.2022 | A. Vodyasov |
| Low | WordPress IP2Location Country Blocker 2.26.7 Cross Site Scripting | 07.02.2022 | Ahmet Serkan Ari |
| Low | Rocket LMS 1.1 Persistent Cross Site Scripting (XSS) | 07.02.2022 | Vulnerability-Lab |
| Med. | WordPress International SMS For Contact Form 7 Integration 1.2 XSS | 07.02.2022 | Milad Karimi |
| Low | WordPress Post Grid 2.1.1 Cross Site Scripting | 04.02.2022 | 0xB9 |
| Low | WordPress Product Slider For WooCommerce 1.13.21 Cross Site Scripting | 03.02.2022 | 0xB9 |
| Med. | Online Project Time Management System 1.0 Multiple Stored Cross Site Scripting (XSS) (Authenticated) | 02.02.2022 | Felipe Alcantara |
| High | SAP Enterprise Portal RunContentCreation Cross Site Scripting | 28.01.2022 | Yvan Genuer |
| Low | SAP Enterprise Portal NavigationReporter Cross Site Scripting | 27.01.2022 | Yvan Genuer |
| Med. | WordPress Mortgage Calculators WP 1.52 Cross Site Scripting | 27.01.2022 | Ceylan Bozogullarindan |
| Low | uBidAuction 2.0.1 Cross Site Scripting | 26.01.2022 | Vulnerability Laborato... |
| Low | Ametys CMS 4.4.1 Cross Site Scripting | 26.01.2022 | Vulnerability Laborato... |
| Low | WebACMS 2.1.0 Cross Site Scripting | 26.01.2022 | Patrick Hener |
| Low | Banco Guayaquil 8.0.0 Cross Site Scripting | 21.01.2022 | Taurus Omar |
| Low | AgentTesla Builder Web Panel Cross Site Scripting | 17.01.2022 | malvuln |
| Low | Ab Stealer Web Panel Cross Site Scripting | 17.01.2022 | malvuln |
| Low | HTTP Commander 3.1.9 Cross Site Scripting | 15.01.2022 | Oscar Sanden |
| Low | Online Diagnostic Lab Management System 1.0 Cross Site Scripting | 15.01.2022 | Himash |
| Low | WordPress Frontend Uploader 1.3.2 Cross Site Scripting | 13.01.2022 | Veshraj Ghimire |
| Low | RLM 14.2 Cross Site Scripting | 13.01.2022 | Giulia Melotti Garibal... |
| Med. | DMCA.com Improper Access Control / Cross Site Scripting | 12.01.2022 | Joel Aviad Ossi |
| Low | WordPress Contact Form Entries Cross Site Scripting | 11.01.2022 | gx1 |
| Low | Open-AudIT Community 4.2.0 Cross Site Scripting | 10.01.2022 | Dominic Clark |
| Low | Online Railway Reservation System 1.0 Cross Site Scripting | 10.01.2022 | Zachary Asher |
| Low | Safari Montage 8.5 Cross Site Scripting | 06.01.2022 | Momen Eldawakhly |
| Low | Affiliate Pro 1.7 Cross Site Scripting | 05.01.2022 | Vulnerability Laborato... |
| Low | WordPress AAWP 3.16 Cross Site Scripting | 05.01.2022 | Andrea Bocchetti |
| Low | uDoctorAppointment 2.1.1 Cross Site Scripting | 05.01.2022 | Vulnerability Laborato... |
| Low | Easy Cart Shopping Cart 2021 Cross Site Scripting | 05.01.2022 | Vulnerability Laborato... |
| Med. | WordPress CRM Form Entries Cross Site Scripting | 04.01.2022 | Gaetano Perrone |
| Low | BeyondTrust Remote Support 6.0 Cross Site Scripting | 04.01.2022 | Malcrove |
| Low | Projeqtor 9.3.1 Cross Site Scripting | 04.01.2022 | Oscar Gutierrez |
| High | AbanteCart Arbitrary File Upload / Cross Site Scripting | 19.12.2021 | Ian Chong |
| Low | Croogo 3.0.2 Cross Site Scripting | 17.12.2021 | Enes Ozeser |
| Low | Sofico Miles RIA 2020.2 Build 127964T Cross Site Scripting | 16.12.2021 | Oualid Lkhaouni |
| Low | WordPress Typebot 1.4.3 Cross Site Scripting | 16.12.2021 | Mansi Singh |
| High | OrbiTeam BSCW Server XSS / LFI / User Enumeration | 04.12.2021 | Armin Stock |
| Low | WordPress Slider By Soliloquy 2.6.2 Cross Site Scripting | 04.12.2021 | Abdurrahman Erkan |
| Low | Online Enrollment Management System In PHP And PayPal 1.0 Cross Site Scripting | 02.12.2021 | Tushar Jadhav |
| Low | Orangescrum 1.8.0 Cross Site Scripting | 29.11.2021 | Hubert Wojciechowski |
| Low | PHPJabbers Simple CMS 5 name Persistent Cross-Site Scripting (XSS) | 29.11.2021 | Vulnerability-Lab |
| Low | WordPress Preview E-mails For WooCommerce 1.6.8 Cross Site Scripting | 18.11.2021 | Chloe Chamberland |
| Low | Quick.CMS 6.7 Cross Site Request Forgery / Cross Site Scripting | 17.11.2021 | Rahad Chowdhury |
| Low | Bludit 3.13.1 Cross Site Scripting | 17.11.2021 | Vasu |
| Med. | WordPress WPSchoolPress 2.1.16 Cross Site Scripting | 16.11.2021 | Davide Taraschi |
| Low | CMDBuild 3.3.2 Cross Site Scripting | 16.11.2021 | Hosein Vita |
| Low | PHP Laravel 8.70.1 Cross Site Scripting (XSS) to Cross Site Request Forgery (CSRF) | 15.11.2021 | Hosein Vita |
| Low | Ultimate POS 4.4 name Cross-Site Scripting (XSS) | 15.11.2021 | Vulnerability Lab |


CVEMAP Search Results

| Date | CVE | Details | Description |
|---|---|---|---|
| 2022-05-19 | CVE-2022-29449 | Waiting for details | Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Opal Hotel Room Booking plugin <= 1.2.7 at WordPress. |
| 2022-05-18 | CVE-2022-25617 | Waiting for details | Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets plugin <= 2.14.3 at WordPress via &orderby vulnerable parameter. |
| 2022-05-18 | CVE-2022-29230 | Waiting for details | Hydrogen is a React-based framework for building dynamic, Shopify-powered custom storefronts. There is a potential Cross-Site Scripting (XSS) vulnerability where an arbitrary user is able to execute scripts on pages that are built with Hydrogen. This affects all versions of Hydrogen starting from version 0.10.0 to 0.18.0. This vulnerability is exploitable in applications whose hydrating data is user controlled. All Hydrogen users should upgrade their project to version 0.19.0. There is no current workaround, and users should update as soon as possible. Additionally, the Content Security Policy is not an effective mitigation for this vulnerability. |
| 2022-05-16 | CVE-2022-1557 | Waiting for details | The ULeak Security & Monitoring WordPress plugin through 1.2.3 does not have authorisation and CSRF checks when updating its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow any authenticated users such as subscriber to perform Stored Cross-Site Scripting attacks against admins viewing the settings |
| 2022-05-16 | CVE-2022-1512 | Waiting for details | The ScrollReveal.js Effects WordPress plugin through 1.2 does not sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed |
| 2022-05-16 | CVE-2022-1465 | Waiting for details | The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross-Site Scripting issue. |
| 2022-05-16 | CVE-2022-1455 | Waiting for details | The Call Now Button WordPress plugin before 1.1.2 does not escape a parameter before outputting it back in an attribute of a hidden input, leading to a Reflected Cross-Site Scripting when the premium is enabled |
| 2022-05-16 | CVE-2022-1436 | Waiting for details | The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitise and escape the wpcargo_tracking_number parameter before outputting it back in the page, which could allow attackers to perform reflected Cross-Site Scripting attacks. |
| 2022-05-16 | CVE-2022-1408 | Waiting for details | The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not escape various settings before outputting them in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed |
| 2022-05-16 | CVE-2022-1393 | Waiting for details | The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field and provides a shortcode to display it via [wp_subtitle]. The subtitle is stored as a custom post meta with the key: "wps_subtitle", which is sanitized upon post save/update, however is not sanitized when updating it directly from the post meta update button (via AJAX) - and this makes the XSS exploitable by authenticated users with a role as low as contributor. |

 

 


Copyright 2022, cxsecurity.com

 
