• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2022-1971

February 23, 2023 by

The NextCellent Gallery WordPress plugin through 1.9.35 does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE-2022-1979

February 23, 2023 by

A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been declared as problematic. This vulnerability affects p=contact. The manipulation of the Message textbox with the input alert(1) leads to cross site scripting. The attack can be initiated remotely but requires authentication. Exploit details have been disclosed to the public.

CVE-2022-1980

February 23, 2023 by

A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been rated as problematic. This issue affects the file /admin/?page=system_info/contact_info. The manipulation of the textbox Telephone with the input alert(1) leads to cross site scripting. The attack may be initiated remotely but requires authentication. Exploit details have been disclosed to the public.

CVE-2022-1889

February 23, 2023 by

The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed

CVE-2022-1894

February 23, 2023 by

The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltred_html is disallowed

CVE-2022-1896

February 23, 2023 by

The underConstruction WordPress plugin before 1.21 does not sanitise or escape the “Display a custom page using your own HTML” setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletred_html capability is disallowed.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 2103
  • Go to page 2104
  • Go to page 2105
  • Go to page 2106
  • Go to page 2107
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE