The ameos_tarteaucitron (aka AMEOS – TarteAuCitron GDPR cookie banner and tracking management / French RGPD compatible) extension before 1.2.23 for TYPO3 allows XSS.
CWE-79
CVE-2022-33156
The matomo_integration (aka Matomo Integration) extension before 1.3.2 for TYPO3 allows XSS.
CVE-2022-33157
The libconnect extension before 7.0.8 and 8.x before 8.1.0 for TYPO3 allows XSS.
CVE-2022-33191
Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Chinmoy Paul’s Testimonials plugin <= 3.0.1 at WordPress.
CVE-2022-33009
A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file.
CVE-2022-33043
A cross-site scripting (XSS) vulnerability in the batch add function of Urtracker Premium v4.0.1.1477 allows attackers to execute arbitrary web scripts or HTML via a crafted excel file.
