• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2022-28364

February 23, 2023 by godfreyd94

Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/rlmswitchr_process file parameter via GET. Authentication is required.

CVE-2022-28367

February 23, 2023 by godfreyd94

OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.

CVE-2022-28378

February 23, 2023 by godfreyd94

Craft CMS before 3.7.29 allows XSS.

CVE-2022-28379

February 23, 2023 by godfreyd94

jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion.

CVE-2022-2839

February 23, 2023 by godfreyd94

The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks against logged in admins.

CVE-2022-28202

February 23, 2023 by godfreyd94

An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 1984
  • Go to page 1985
  • Go to page 1986
  • Go to page 1987
  • Go to page 1988
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE