• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2022-0653

February 23, 2023 by

The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1.

CVE-2022-0659

February 23, 2023 by

The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

CVE-2022-0662

February 23, 2023 by

The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

CVE-2022-0663

February 23, 2023 by

The Print, PDF, Email by PrintFriendly WordPress plugin before 5.2.3 does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

CVE-2022-0526

February 23, 2023 by

Cross-site Scripting (XSS) – Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0.

CVE-2022-0527

February 23, 2023 by

Cross-site Scripting (XSS) – Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 2155
  • Go to page 2156
  • Go to page 2157
  • Go to page 2158
  • Go to page 2159
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE