• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2022-2299

February 23, 2023 by

The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads

CVE-2022-22999

February 23, 2023 by

Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user’s browser. As a result, it may be possible to gain control over the authenticated session, steal data, modify settings, or redirect the user to malicious websites. The scope of impact can extend to other components.

CVE-2022-2300

February 23, 2023 by

Cross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 1.2.19.

CVE-2022-23013

February 23, 2023 by

On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2022-2291

February 23, 2023 by

A vulnerability was found in SourceCodester Hotel Management System 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /ci_hms/search of the component Search. The manipulation of the argument search with the input “>alert(“XSS”) leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2022-2292

February 23, 2023 by

A vulnerability classified as problematic has been found in SourceCodester Hotel Management System 2.0. Affected is an unknown function of the file /ci_hms/massage_room/edit/1 of the component Room Edit Page. The manipulation of the argument massageroomDetails with the input “>alert(“XSS”) leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 2064
  • Go to page 2065
  • Go to page 2066
  • Go to page 2067
  • Go to page 2068
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE