sanitize project sanitize vulnerabilities and exploits
6.1
CVSSv3
CVE-2019-10772
It is possible to bypass enshrined/svg-sanitize prior to 0.13.1 using the "xlink:href" attribute due to mishandling of the xlink namespace by the sanitizer.
Svg-sanitizer Project Svg-sanitizer
9.8
CVSSv3
CVE-2022-0773
The Documentor WordPress plugin up to and including 1.5.3 fails to sanitize and escape user input before it is interpolated into an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users.
Documentor Project Documentor
9.8
CVSSv3
CVE-2022-4447
The Fontsy WordPress plugin up to and including 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
Fontsy Project Fontsy
4.8
CVSSv3
CVE-2021-24706
The Qwizcards – online quizzes and flashcards WordPress plugin prior to 3.62 does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Qwizcards Project Qwizcards
4.8
CVSSv3
CVE-2022-1299
The Slideshow WordPress plugin up to and including 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Slideshow Project Slideshow
4.8
CVSSv3
CVE-2022-1228
The Opensea WordPress plugin prior to 1.0.3 does not sanitize and escape some of its settings, like its "Referer address" field, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Opensea Project Opeansea
6.1
CVSSv3
CVE-2022-0619
The Database Peek WordPress plugin up to and including 1.2 does not sanitize and escape the match parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
Database Peek Project Database Peek
6.1
CVSSv3
CVE-2022-0643
The Bank Mellat WordPress plugin up to and including 1.3.7 does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
Bank Mellat Project Bank Mellat
6.1
CVSSv3
CVE-2022-0647
The Bulk Creator WordPress plugin up to and including 1.0.1 does not sanitize and escape the post_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
Bulk Creator Project Bulk Creator
5.4
CVSSv3
CVE-2018-8156
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoin...
Microsoft Project Server 2010
Microsoft Project Server 2013
Microsoft Sharepoint Server 2016