• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2022-29359

February 23, 2023 by godfreyd94

A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_form&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter.

CVE-2022-2936

February 23, 2023 by godfreyd94

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Video Link values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin’s features available to lower privileged users through the ‘Who Can Edit?’ setting then this can be exploited by those users.

CVE-2022-29360

February 23, 2023 by godfreyd94

The Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted email message.

CVE-2022-29362

February 23, 2023 by godfreyd94

A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter.

CVE-2022-2937

February 23, 2023 by godfreyd94

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin’s features available to lower privileged users through the ‘Who Can Edit?’ setting then this can be exploited by those users.

CVE-2022-29380

February 23, 2023 by godfreyd94

Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 1968
  • Go to page 1969
  • Go to page 1970
  • Go to page 1971
  • Go to page 1972
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE