• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2022-3207

February 23, 2023 by godfreyd94

The Simple File List WordPress plugin before 4.4.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE-2022-32074

February 23, 2023 by godfreyd94

A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins – Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.

CVE-2022-3209

February 23, 2023 by godfreyd94

The soledad WordPress theme before 8.2.5 does not sanitise the {id,datafilter[type],…} parameters in its penci_more_slist_post_ajax AJAX action, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.

CVE-2022-3211

February 23, 2023 by godfreyd94

Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.5.6.

CVE-2022-32115

February 23, 2023 by godfreyd94

An issue in the isSVG() function of Known v1.2.2+2020061101 allows attackers to execute arbitrary code via a crafted SVG file.

CVE-2022-32118

February 23, 2023 by godfreyd94

Arox School ERP Pro v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the dispatchcategory parameter in backoffice.inc.php.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 1923
  • Go to page 1924
  • Go to page 1925
  • Go to page 1926
  • Go to page 1927
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE