Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2022-28874: Security advisories

Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.

CVE
Open in Source
#xss#csrf#vulnerability#web#ios#android#windows#apple#microsoft#linux#dos#java#rce#buffer_overflow
CVE-2022-1825: Reflected XSS in providence

Cross-site Scripting (XSS) - Reflected in GitHub repository collectiveaccess/providence prior to 1.8.

CVE-2022-1558: WordPress Curtain 1.0.2 Cross Site Scripting ≈ Packet Storm

The Curtain WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed

CVE-2022-1547

The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting

CVE-2022-1320

The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

CVE-2022-1298

The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

CVE-2022-1268

The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected cross-Site Scripting

CVE-2022-1221

The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting.

CVE-2022-1218

The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting

CVE-2022-1192

The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting