• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-0957
2022-03-22
N/A
5.4 MEDIUM
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
CVE-2022-0956
2022-03-22
N/A
5.4 MEDIUM
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4.
CVE-2022-0955
Data-hub, Pimcore
Adminbundle, Customer_management_framework, Data-hub, Perspective_editor, Admin_classic_bundle, Core, Customer-data-framework, Customer_data_framework
2022-03-29
N/A
4.8 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/data-hub prior to 1.2.4.
CVE-2022-0954
2022-03-21
N/A
5.4 MEDIUM
Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11.
CVE-2022-0953
2022-05-03
N/A
6.1 MEDIUM
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters
CVE-2022-0952
2022-05-09
N/A
8.8 HIGH
The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog.
CVE-2022-0951
2022-03-21
N/A
6.1 MEDIUM
File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4.
CVE-2022-0950
2022-03-21
N/A
5.4 MEDIUM
Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4.
CVE-2022-0949
2022-04-15
N/A
9.8 CRITICAL
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection
CVE-2022-0948
2022-05-17
N/A
9.8 CRITICAL
The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection
« Previous 1 … 11,003 11,004 11,005 11,006 11,007 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE