• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2022-2563

February 23, 2023 by godfreyd94

The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE-2022-25630

February 23, 2023 by godfreyd94

An authenticated user can embed malicious content with XSS into the admin group policy page.

CVE-2022-25642

February 23, 2023 by godfreyd94

Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote code execution.

CVE-2022-25646

February 23, 2023 by godfreyd94

All versions of package x-data-spreadsheet are vulnerable to Cross-site Scripting (XSS) due to missing sanitization of values inserted into the cells.

CVE-2022-2565

February 23, 2023 by godfreyd94

The Simple Payment Donations & Subscriptions WordPress plugin before 4.2.1 does not sanitise and escape user input given in its forms, which could allow unauthenticated attackers to perform Cross-Site Scripting attacks against admins

CVE-2022-2567

February 23, 2023 by godfreyd94

The Form Builder CP WordPress plugin before 1.2.32 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 2017
  • Go to page 2018
  • Go to page 2019
  • Go to page 2020
  • Go to page 2021
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE