• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2022-2426

February 23, 2023 by

The Thinkific Uploader WordPress plugin through 1.0.0 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against other administrators.

CVE-2022-2428

February 23, 2023 by

A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests

CVE-2022-2430

February 23, 2023 by

The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Text Block’ feature in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2022-24131

February 23, 2023 by

DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution.

CVE-2022-24135

February 23, 2023 by

QingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability in all search functions.

CVE-2022-24177

February 23, 2023 by

A cross-site scripting (XSS) vulnerability in the component cgi-bin/ej.cgi of Ex libris ALEPH 500 v18.1 and v20 allows attackers to execute arbitrary web scripts or HTML.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 2043
  • Go to page 2044
  • Go to page 2045
  • Go to page 2046
  • Go to page 2047
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE