CVE Vulnerability

CWE-79

CVE-2022-0233

February 23, 2023 by

The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pm_user_avatar and pm_cover_image parameters found in the ~/admin/class-profile-magic-admin.php file which allows attackers with authenticated user access, such as subscribers, to inject arbitrary web scripts into their profile, in versions up to and including 1.2.7.

CVE-2022-0234

February 23, 2023 by

The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to Reflected Cross-Site Scripting.

CVE-2022-0243

February 23, 2023 by

Cross-site Scripting (XSS) – Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2.

CVE-2022-0248

February 23, 2023 by

The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, an unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission.

CVE-2022-0250

February 23, 2023 by

The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a generated link before outputting it in an attribute, leading to Reflected Cross-Site Scripting.

CVE-2022-0251

February 23, 2023 by

Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.2.10.

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE