• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2022-39839

February 23, 2023 by godfreyd94

Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a forum post.

CVE-2022-3984

February 23, 2023 by godfreyd94

The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks

CVE-2022-39840

February 23, 2023 by godfreyd94

Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message (DM).

CVE-2022-3985

February 23, 2023 by godfreyd94

The Videojs HTML5 Player WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks

CVE-2022-3986

February 23, 2023 by godfreyd94

The WP Stripe Checkout WordPress plugin before 1.2.2.21 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks

CVE-2022-3987

February 23, 2023 by godfreyd94

The Responsive Lightbox2 WordPress plugin before 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 1827
  • Go to page 1828
  • Go to page 1829
  • Go to page 1830
  • Go to page 1831
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE