• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2022-21649

February 23, 2023 by

Convos is an open source multi-user chat that runs in a web browser. Characters starting with “https://” in the chat window create an tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for “” but escaping for double quotes does not exist. Through this vulnerability, an attacker is capable to execute malicious scripts. Users are advised to update as soon as possible.

CVE-2022-21650

February 23, 2023 by

Convos is an open source multi-user chat that runs in a web browser. You can’t use SVG extension in Convos’ chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. This causes Stored XSS. Also, after uploading a file the XSS attack is triggered upon a user viewing the file. Through this vulnerability, an attacker is capable to execute malicious scripts. Users are advised to update as soon as possible.

CVE-2022-21662

February 23, 2023 by

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.

CVE-2022-2167

February 23, 2023 by

The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting

CVE-2022-2168

February 23, 2023 by

The Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting

CVE-2022-2169

February 23, 2023 by

The Loading Page with Loading Screen WordPress plugin before 1.0.83 does not escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 2081
  • Go to page 2082
  • Go to page 2083
  • Go to page 2084
  • Go to page 2085
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE