25 matches found
CVE-2026-25022
CVE-2026-25022 involves the WordPress plugin KiviCare (Iqonic Design) up to version 3.6.16 with a Blind SQL Injection due to improper neutralization of SQL commands in the kivicare-clinic-management-system. Affected software: KiviCare WordPress plugin
CVE-2025-25022 IBM QRadar Suite Software and IBM Cloud Pak for Security information disclosure
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files...
CVE-2020-25022
An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallbackCipherState.encryptWithAd allows out-of-bounds access...
CVE-2018-25022
The Onion module in toxcore before 0.2.2 doesn't restrict which packets can be onion-routed, which allows a remote attacker to discover a target user's IP address when knowing only their Tox Id by positioning themselves close to target's Tox Id in the DHT for the target to establish an onion...
CVE-2019-25022
An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime.exec without validation...
CVE-2023-25022
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Watu Quiz plugin <= 3.3.8 versions...
CVE-2023-25022 WordPress Watu Quiz Plugin <= 3.3.8 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Watu Quiz plugin <= 3.3.8 versions...
CVE-2023-25022
CVE-2023-25022 affects the Kiboko Labs Watu Quiz WordPress plugin up to version 3.3.8. It is a Stored Cross-Site Scripting (XSS) vulnerability exploitable with admin+ privileges (authenticated). Root cause details are provided across sources: the issue is a stored XSS in the plugin that was fixed...
SUSE CVE-2018-25022
The Onion module in toxcore before 0.2.2 doesn't restrict which packets can be onion-routed, which allows a remote attacker to discover a target user's IP address when knowing only their Tox Id by positioning themselves close to target's Tox Id in the DHT for the target to establish an onion...
WordPress Watu Quiz Plugin <= 3.3.8 is vulnerable to Cross Site Scripting (XSS)
Software: Watu Quiz; Type: Plugin; Vulnerable versions: <= 3.3.8; Fixed in: 3.3.8.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25022; Patch priority: Low; CVSS severity: Low (5.9); PSID: e168b8672ecd; Credits: yuyudhn; Required privilege...
CVE-2022-25022
A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content field of a blog post...
CVE-2022-25022
CVE-2022-25022 is a cross-site scripting (XSS) vulnerability in Htmly v2.8.1 where an attacker can inject arbitrary HTML/script via the blog post content field. Multiple connected records (including Red Hat, CNVD, OSV, and CNVD-style entries) corroborate this issue with consistent description: vu...
CVE-2021-25022
creationtimestamp | type | source
---|---|---
2022-01-03 16:43:56+00:00 | seen | https://t.me/cibsecurity/34847...
CVE-2021-25022 UpdraftPlus < 1.16.66 - Reflected Cross-Site Scripting
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backup_timestamp and job_id parameters before outputting them back in admin pages, leading to Reflected Cross-Site Scripting issues...
CVE-2021-25022
The CVE-2021-25022 entry concerns the UpdraftPlus WordPress Backup Plugin prior to version 1.16.66, where backup_timestamp and job_id are not properly sanitised/escaped when echoed back in admin pages, causing Reflected Cross-Site Scripting (XSS). Affected software: UpdraftPlus WordPress Backup P...