CWE-79

CVE-2022-0950

February 23, 2023 by

Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4.

CVE-2022-0951

February 23, 2023 by

File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4.

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters

CVE-2022-0954

February 23, 2023 by

Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop’s Other Settings, Shop’s Autorespond E-mail Settings and Shops’ Payments Methods in GitHub repository microweber/microweber prior to 1.2.11.

CVE-2022-0955

February 23, 2023 by

Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/data-hub prior to 1.2.4.

CVE-2022-0956

February 23, 2023 by

Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4.