RockyLinux 9 : php:8.3 (RLSA-2026:22142)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22142 advisory. PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting...

CVE-2022-22142

Reflected cross-site scripting vulnerability in the checkbox of phpmailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors...

CVE-2024-22142

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS.This issue affects Profile Builder Pro: from n/a through 3.10.0...

CVE-2025-22142

CVE-2025-22142 concerns NamelessMC. The vulnerability allows cross-site scripting via an admin-enabled extra field where a user may inject JavaScript that executes when a staff member views the user’s profile on the staff panel. Affected version details are not all consistently stated across sour...

CVE-2025-22142 Cross-site Scripting in NamelessMC

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a staffer visits the user's profile on staff...

CVE-2025-22142 Cross-site Scripting in NamelessMC

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a staffer visits the user's profile on staff...

CVE-2024-22142

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS.This issue affects Profile Builder Pro: from n/a through 3.10.0...

CVE-2024-22142

CVE-2024-22142 is a cross-site scripting (Reflected XSS) vulnerability in Cozmoslabs Profile Builder Pro (versions

CVE-2024-22142 WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS.This issue affects Profile Builder Pro: from n/a through 3.10.0...

CVE-2024-22142 WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS.This issue affects Profile Builder Pro: from n/a through 3.10.0...

WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Cross Site Scripting (XSS)

Software Profile Builder Pro Type Plugin Vulnerable versions = 3.10.0 Fixed in 3.10.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22142 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 458e79568c87 Credits Dave Jong Patchstack...

CVE-2021-22142 Kibana Reporting vulnerabilities

Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to condu...

CVE-2021-22142

CVE-2021-22142 relates to Kibana Reporting using an embedded Chromium browser to render downloadable reports. The vulnerability arises if a user with report-generation permissions can render arbitrary HTML, potentially leveraging Chromium vulnerabilities; Kibana implements protections to limit co...

CVE-2022-22142

creationtimestamp| type| source ---|---|--- 2022-02-08 14:37:03+00:00| seen| https://t.me/cibsecurity/36992...

CVE-2022-22142

Reflected cross-site scripting vulnerability in the checkbox of phpmailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors...

CVE-2022-22142

CVE-2022-22142 describes a reflected XSS in the checkbox handling of php_mailform prior to version 1.40. The root cause is insufficient cleaning of user-supplied data in checkboxes, allowing a remote, unauthenticated attacker to inject arbitrary script via crafted requests (unspecified vectors). ...

JVN#16690037: Multiple cross-site scripting vulnerabilities in php_mailform

phpmailform provided by econosys system contains multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability regarding the checkbox CWE-79 - CVE-2022-22142 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base...

Elastic Stack 7.13.0 and 6.8.16 Security Update

Kibana url redirection flaw ESA-2021-12 An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary website. Affected Versions: All versions of Kibana before 7.13....