• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2022-25229

February 23, 2023 by godfreyd94

Popcorn Time 0.4.7 has a Stored XSS in the ‘Movies API Server(s)’ field via the ‘settings’ page. The ‘nodeIntegration’ configuration is set to on which allows the ‘webpage’ to use ‘NodeJs’ features, an attacker can leverage this to run OS commands.

CVE-2022-2523

February 23, 2023 by godfreyd94

Cross-site Scripting (XSS) – Reflected in GitHub repository beancount/fava prior to 1.22.2.

CVE-2022-25238

February 23, 2023 by godfreyd94

Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side contig is not set to true in project code.

CVE-2022-25256

February 23, 2023 by godfreyd94

SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backurl_list. The first one affects the content of the button placed in the top left. The second affects the page to which the user is directed after pressing the button, e.g., a malicious web page. In addition, the second parameter executes JavaScript, which means XSS is possible by adding a javascript: URL.

CVE-2022-25259

February 23, 2023 by godfreyd94

JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS.

CVE-2022-25261

February 23, 2023 by godfreyd94

JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 2026
  • Go to page 2027
  • Go to page 2028
  • Go to page 2029
  • Go to page 2030
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE