• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2022-0969

February 23, 2023 by

The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its “Lazyload background images for selectors” settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed.

CVE-2022-0970

February 23, 2023 by

Cross-site Scripting (XSS) – Stored in GitHub repository getgrav/grav prior to 1.7.31.

CVE-2022-0986

February 23, 2023 by

Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11.

CVE-2022-0994

February 23, 2023 by

The Hummingbird WordPress plugin before 3.3.2 does not sanitise and escape the Config Name, which could allow high privilege users, such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

CVE-2022-1001

February 23, 2023 by

The WP Downgrade WordPress plugin before 1.2.3 only perform client side validation of its “WordPress Target Version” settings, but does not sanitise and escape it server side, allowing high privilege users such as admin to perform Cross-Site attacks even when the unfiltered_html capability is disallowed

CVE-2022-1002

February 23, 2023 by

Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 2137
  • Go to page 2138
  • Go to page 2139
  • Go to page 2140
  • Go to page 2141
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE