sanitize project sanitize vulnerabilities and exploits
NA
CVE-2022-4049
The WP User WordPress plugin up to and including 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
Wp User Project Wp User
4.3
CVSSv2
CVE-2022-0620
The Delete Old Orders WordPress plugin up to and including 0.2 does not sanitize and escape the date parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
Deleteoldorders Project Delete Old Orders
4.3
CVSSv2
CVE-2021-23416
This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input.
Curly-bracket-parser Project Curly-bracket-parser
3.5
CVSSv2
CVE-2018-8156
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoin...
Microsoft Project Server 2010
Microsoft Project Server 2013
Microsoft Sharepoint Server 2016
6.5
CVSSv2
CVE-2020-25379
WordPress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated malicious user to inject a malicious SQL query.
Recall-products Project Recall-products 0.8
7.5
CVSSv2
CVE-2019-16699
The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code Execution.
Sr Freecap Project Sr Freecap
4.3
CVSSv2
CVE-2017-16015
Forms is a library for easily creating HTML forms. Versions prior to 1.3.0 did not have proper HTML escaping. This means that if the application did not sanitize HTML on behalf of forms, use of forms may be vulnerable to cross-site scripting.
Forms Project Forms
NA
CVE-2022-3753
The Evaluate WordPress plugin up to and including 1.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in mu...
Evaluate Project Evaluate
NA
CVE-2023-0422
The Article Directory WordPress plugin up to and including 1.3 does not properly sanitize the `publish_terms_text` setting before displaying it in the administration panel, which may enable administrators to conduct Stored XSS attacks in multisite contexts.
Article Directory Project Article Directory
3.5
CVSSv2
CVE-2021-25005
The SEUR Oficial WordPress plugin prior to 1.7.0 does not sanitize and escape some of its settings, allowing high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Seur Oficial Project Seur Oficial