• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2022-35725

February 23, 2023 by godfreyd94

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hans Matzen’s wp-forecast plugin <= 7.5 at WordPress.

CVE-2022-3573

February 23, 2023 by godfreyd94

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on the self-hosted instances running without strict CSP.

CVE-2022-35740

February 23, 2023 by godfreyd94

dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. (This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users.) Some Java application frameworks, including those used by Spring or Tomcat, allow the use of matrix parameters: these are URI parameters separated by semicolons. Through precise semicolon placement in a URI, it is possible to exploit this feature to avoid dotCMS’s path-based XSS prevention (such as “require login” filters), and consequently access restricted resources. For example, an attacker could place a semicolon immediately before a / character that separates elements of a filesystem path. This could reveal file content that is ordinarily only visible to signed-in users. This issue can be chained with other exploit code to achieve XSS attacks against dotCMS.

CVE-2022-35612

February 23, 2023 by godfreyd94

A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field.

CVE-2022-3562

February 23, 2023 by godfreyd94

Cross-site Scripting (XSS) – Stored in GitHub repository librenms/librenms prior to 22.10.0.

CVE-2022-35630

February 23, 2023 by godfreyd94

A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor 0.6.5-2.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 1884
  • Go to page 1885
  • Go to page 1886
  • Go to page 1887
  • Go to page 1888
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE