• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2022-39181

February 23, 2023 by godfreyd94

GLPI – Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). Type 1: Reflected XSS (or Non-Persistent) – The server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or emailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby an attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker’s content back to the victim, the content is executed by the victim’s browser.

CVE-2022-39187

February 23, 2023 by godfreyd94

Rumpus – FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability through unspecified vectors.

CVE-2022-3919

February 23, 2023 by godfreyd94

The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

CVE-2022-39195

February 23, 2023 by godfreyd94

A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the c parameter.

CVE-2022-39197

February 23, 2023 by godfreyd94

An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).

CVE-2022-3909

February 23, 2023 by godfreyd94

The Add Comments WordPress plugin through 1.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 1836
  • Go to page 1837
  • Go to page 1838
  • Go to page 1839
  • Go to page 1840
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE