CVE Vulnerability


CWE-79

CVE-2022-22775

February 23, 2023

The Workspace client component of TIBCO Software Inc.’s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains difficult-to-exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow low privileged attackers with network access to execute scripts targeting the affected system or the victim’s local system. Affected releases are TIBCO Software Inc.’s TIBCO BPM Enterprise: versions 4.3.1 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.1 and below.

CVE-2022-22776

February 23, 2023

The Web Server component of TIBCO Software Inc.’s TIBCO BusinessConnect Trading Community Management contains easily exploitable vulnerabilities that allow a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using these vulnerabilities requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below.

CVE-2022-22777

February 23, 2023

The Web Server component of TIBCO Software Inc.’s TIBCO BusinessConnect Trading Community Management contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow an unauthenticated attacker with network access to execute scripts targeting the affected system or the victim’s local system. Affected releases are TIBCO Software Inc.’s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below.

CVE-2022-2278

February 23, 2023

The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not validate, sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example, in a multisite setup).

CVE-2022-22791

February 23, 2023

SYNEL – eharmony Authenticated Blind & Stored XSS. Injecting JS code into the “comments” field could lead to potential stealing of cookies and loading of HTML tags and JS code onto the system.

CVE-2022-2280

February 23, 2023

Cross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 1.2.19.


Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE