• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2022-4834

February 23, 2023 by godfreyd94

The CPT Bootstrap Carousel WordPress plugin through 1.12 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

CVE-2022-4835

February 23, 2023 by godfreyd94

The Social Sharing Toolkit WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

CVE-2022-48085

February 23, 2023 by godfreyd94

Softr v2.0 was discovered to contain a HTML injection vulnerability via the Work Space Name parameter.

CVE-2022-48091

February 23, 2023 by godfreyd94

Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting (XSS) via process_update_profile.php.

CVE-2022-48118

February 23, 2023 by godfreyd94

Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter.

CVE-2022-48140

February 23, 2023 by godfreyd94

DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 1697
  • Go to page 1698
  • Go to page 1699
  • Go to page 1700
  • Go to page 1701
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE