• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2022-3136

February 23, 2023 by godfreyd94

The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE-2022-3137

February 23, 2023 by godfreyd94

The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task’s attachments, which could allow any authenticated user (such as subscriber) creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file

CVE-2022-31373

February 23, 2023 by godfreyd94

SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php.

CVE-2022-3138

February 23, 2023 by godfreyd94

Cross-site Scripting (XSS) – Generic in GitHub repository jgraph/drawio prior to 20.3.0.

CVE-2022-3139

February 23, 2023 by godfreyd94

The We’re Open! WordPress plugin before 1.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE-2022-31398

February 23, 2023 by godfreyd94

A cross-site scripting (XSS) vulnerability in /staff/tools/custom-fields of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 1931
  • Go to page 1932
  • Go to page 1933
  • Go to page 1934
  • Go to page 1935
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE