Skip to main content
CVE-2022-38664 MEDIUM PATCH This Month

Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Job Configuration History
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-36405 MEDIUM This Month

Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in amCharts: Charts and Maps plugin <= 1.4 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Amcharts
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-36347 MEDIUM This Month

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alpine Press Alpine PhotoTile for Pinterest plugin <= 1.3.1 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Alpine Phototile For Pinterest
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-36341 MEDIUM This Month

Authenticated (subscriber+) plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability in Akash soni's AS - Create Pinterest Pinboard Pages plugin <= 1.0 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress As Create Pinterest Pinboard Pages
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-36282 MEDIUM PATCH This Month

Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy's Search Exclude plugin <= 1.2.6 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS WordPress Search Exclude
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-34658 MEDIUM PATCH This Month

Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS WordPress Download Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-34648 MEDIUM This Month

Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Uploading Svg Webp And Ico Files
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-36350 MEDIUM PATCH This Month

Stored cross-site scripting vulnerability in PukiWiki versions 1.3.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Pukiwiki
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-35242 MEDIUM PATCH This Month

Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Privilege Escalation The Leads Management System
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-1989 MEDIUM This Month

All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Visualization
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-35235 MEDIUM PATCH This Month

Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Wpide File Manager Code Editor
NVD
CVSS 3.1
4.9
EPSS
0.9%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy