• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-80

CVE-2022-36325

February 23, 2023 by godfreyd94

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.

CVE-2022-36057

February 23, 2023 by godfreyd94

Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch for this issue.

CVE-2023-22461

February 22, 2023 by godfreyd94

The `sanitize-svg` package, a small SVG sanitizer to prevent cross-site scripting attacks, uses a deny-list-pattern to sanitize SVGs to prevent XSS. In doing so, literal `