• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2022-4310

February 23, 2023 by godfreyd94

The Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise and escape the URI when logging requests, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged in admin viewing the logs

CVE-2022-4295

February 23, 2023 by godfreyd94

The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin.

CVE-2022-42954

February 23, 2023 by godfreyd94

Keyfactor EJBCA before 7.10.0 allows XSS.

CVE-2022-42960

February 23, 2023 by godfreyd94

EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM XSS due to improper validation of message events to accessibility.js.

CVE-2022-42967

February 23, 2023 by godfreyd94

Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution.

CVE-2022-42985

February 23, 2023 by godfreyd94

The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS).

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 1781
  • Go to page 1782
  • Go to page 1783
  • Go to page 1784
  • Go to page 1785
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE