sanitize project sanitize vulnerabilities and exploits
NA
CVE-2023-2470
The Add to Feedly WordPress plugin up to and including 1.2.11 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Add To Feedly Project Add To Feedly
NA
CVE-2023-2009
The Pretty Url WordPress plugin up to and including 1.5.4 does not sanitize and escape the URL field in its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in mu...
Pretty Url Project Pretty Url
NA
CVE-2023-1861
The Limit Login Attempts WordPress plugin up to and including 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated user, such as a subscriber, to perform Stored Cross-Site Scripting attacks.
Limit Login Attempts Project Limit Login Attempts
NA
CVE-2023-0388
The Random Text WordPress plugin up to and including 0.3.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated user, such as a subscriber.
Random Text Project Random Text
NA
CVE-2023-0422
The Article Directory WordPress plugin up to and including 1.3 does not properly sanitize the `publish_terms_text` setting before displaying it in the administration panel, which may enable administrators to conduct Stored XSS attacks in multisite contexts.
Article Directory Project Article Directory
NA
CVE-2023-26265
The Borg theme prior to 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. The function borg_preprocess_page in the file template.php does not properly sanitize incoming path arguments before using them.
Borg Project Borg
NA
CVE-2022-4306
The Panda Pods Repeater Field WordPress plugin prior to 1.5.4 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission.
Panda Pods Repeater Field Project Panda Pods Repeater Field
NA
CVE-2022-48285
loadAsync in JSZip prior to 3.8.0 allows Directory Traversal via a crafted ZIP archive.
Jszip Project Jszip
NA
CVE-2023-23627
Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, before 6.0.1, are vulnerable to Cross-site Scripting. When Sanitize is configured with a custom allowlist that allows `noscript` elements, attackers are able to include arbitrary HTML, resulting in X...
Sanitize Project Sanitize
NA
CVE-2023-22726
act is a project which allows for local running of GitHub Actions. The artifact server that stores artifacts from GitHub Action runs does not sanitize path inputs. This allows a malicious user to download and overwrite arbitrary files on the host from a GitHub Action. This issue...
Act Project Act