• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2022-1027

February 23, 2023 by

The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allows bad actors with administrator privileges to the settings page to inject Javascript code to its settings leading to stored Cross-Site Scripting that will only affect administrator users.

CVE-2022-0884

February 23, 2023 by

The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfiltered_html is disallowed

CVE-2022-0889

February 23, 2023 by

The Ninja Forms – File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the ~/includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web scripts to vulnerable WordPress sites, in versions up to and including 3.3.12.

CVE-2022-0892

February 23, 2023 by

The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting

CVE-2022-0893

February 23, 2023 by

Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.4.0.

CVE-2022-0894

February 23, 2023 by

Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.4.0.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 2139
  • Go to page 2140
  • Go to page 2141
  • Go to page 2142
  • Go to page 2143
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE