CVE's - CVE Vulnerability

CVE

Vendors

Products

Updated

CVSS v2

CVSS v3

CVE-2022-1820

2022-06-21

N/A

6.1 MEDIUM

The Keep Backup Daily plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘t’ parameter in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE-2022-1819

2022-06-02

N/A

4.8 MEDIUM

A vulnerability, which was classified as problematic, was found in Student Information System 1.0. Affected is admin/?page=students of the Student Roll module. The manipulation with the input leads to authenticated cross site scripting. Exploit details have been disclosed to the public.

CVE-2022-1818

2022-06-28

N/A

5.4 MEDIUM

The Multi-page Toolkit WordPress plugin through 2.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well

CVE-2022-1817

2022-06-03

N/A

5.4 MEDIUM

A vulnerability, which was classified as problematic, was found in Badminton Center Management System. This affects the userlist module at /bcms/admin/?page=user/list. The manipulation of the argument username with the input 1 leads to an authenticated cross site scripting. Exploit details have been disclosed to the public.

CVE-2022-1816

2022-06-03

N/A

5.4 MEDIUM

A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input leads to an authenticated cross site scripting. Exploit details have been disclosed to the public.

CVE-2022-1815

2022-06-07

N/A

7.5 HIGH

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2.

CVE-2022-1814

2022-06-21

N/A

4.8 MEDIUM

The WP Admin Style WordPress plugin through 0.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed

CVE-2022-1813

2022-05-30

N/A

9.8 CRITICAL

OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0.

CVE-2022-1812

2023-01-23

N/A

9.8 CRITICAL

Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10.

CVE-2022-1811

2022-06-02

N/A

5.4 MEDIUM

Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9.

« Previous 1 … 10,921 10,922 10,923 10,924 10,925 … 11,258 Next »