Vulmon
sanitize project sanitize vulnerabilities and exploits
4.8
CVSSv3
CVE-2021-25005
The SEUR Oficial WordPress plugin prior to 1.7.0 does not sanitize and escape some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Seur Oficial Project Seur Oficial
4.3
CVSSv3
CVE-2024-23900
Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and previous versions does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with...
Jenkins Matrix Project
4.8
CVSSv3
CVE-2022-2983
The Salat Times WordPress plugin prior to 3.2.2 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Salat Times Project Salat Times
8.8
CVSSv3
CVE-2023-0388
The Random Text WordPress plugin up to and including 0.3.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers.
Random Text Project Random Text
4.8
CVSSv3
CVE-2022-0737
The Text Hover WordPress plugin prior to 4.2 does not sanitize and escape the text to hover, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Text Hover Project Text Hover
7.8
CVSSv3
CVE-2014-5220
The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local malicious users to execute arbitrary commands as root.
Opensuse Opensuse 13.2
Mdadm Project Mdadm
6.1
CVSSv3
CVE-2022-3484
The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
Wpb Show Core Project Wpb Show Core -
7.5
CVSSv3
CVE-2018-7032
webcheckout in myrepos up to and including 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM malicious user to take advantage of it for arbitrary code execution, as demonstrated by an "ext::sh -c" attack or a...
Myrepos Project Myrepos
7.2
CVSSv3
CVE-2022-4370
The multimedial images WordPress plugin up to and including 1.0b does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
Multimedial Images Project Multimedial Images
4.8
CVSSv3
CVE-2022-1303
The Slide Anything WordPress plugin prior to 2.3.44 does not sanitize and escape sliders' description, which could allow high privilege users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
Slide Anything Project Slide Anything