CVE-2022-2099

The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles

Publication date: Sun, 17 Jul 2022 16:15:00 +0000

Cyber News related to CVE-2022-2099

CVE-2013-2098 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2099. Reason: This candidate is a duplicate of CVE-2013-2099. Notes: All CVE users should reference CVE-2013-2099 instead of this candidate. All references and descriptions in ...
55 years ago Tenable.com

CVE-2023-0925 - Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port 2099 by default) and two RMI interfaces (listening on a single, dynamically assigned TCP high port). ...
1 year ago

CVE-2022-2099 - The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles ...
1 year ago

CVE-2011-2098 - Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than ...
7 years ago

CVE-2011-2099 - Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than ...
7 years ago

CVE-2002-2099 - Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not installed setuid or setgid, perhaps this issue should ...
7 years ago

CVE-2010-2099 - bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in ...
14 years ago

CVE-2014-2099 - The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via ...
10 years ago

CVE-2004-2099 - Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), version 242 and earlier, allows remote attackers (servers) to execute arbitrary code via long (1) gamename, (2) gamever, (3) hostname, (4) gametype, (5) mapname or (6) gamemode ...
7 years ago

CVE-2012-2099 - Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) search field, or the (2) Author or (3) select_sort parameters in an advanced search. ...
7 years ago

CVE-2009-2099 - SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php. ...
7 years ago

CVE-2008-2099 - Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, and VMware ACE 2 before 2.0.2 build 93057 on Windows allows guest OS users to execute arbitrary code on the host OS via ...
6 years ago

CVE-2007-2099 - Cross-site scripting (XSS) vulnerability in htdocs/php.php in OpenConcept Back-End CMS 0.4.7 allows remote attackers to inject arbitrary web script or HTML via the page[] parameter. ...
6 years ago

CVE-2006-2099 - Directory traversal vulnerability in UltraISO 8.0.0.1392 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. ...
6 years ago

CVE-2005-2099 - The Linux kernel before 2.6.12.5 does not properly destroy a keyring that is not instantiated properly, which allows local users or remote attackers to cause a denial of service (kernel oops) via a keyring with a payload that is not empty, which ...
6 years ago

CVE-2016-2099 - Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document. <a ...
6 years ago

CVE-2019-2099 - In nfa_rw_store_ndef_rx_buf of nfa_rw_act.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for ...
5 years ago

CVE-2017-2099 - Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote code execution via unspecified vectors. ...
5 years ago

CVE-2021-2099 - Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network ...
3 years ago

CVE-2015-2099 - Multiple buffer overflows in WebGate Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) GetRecFileInfo function in the FileConverter.FileConverterCtrl.1 control, (2) Login function in the ...
3 years ago

CVE-2013-2099 - Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial ...
1 year ago

CVE-2023-2099 - A vulnerability classified as problematic has been found in SourceCodester Vehicle Service Management System 1.0. This affects an unknown part of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. It is ...
1 year ago

CVE-2020-2099 - Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which ...
1 year ago

CVE-2018-2099 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none ...
55 years ago Tenable.com

31 Alarming Identity Theft Statistics for 2024 - Identity theft is a prevalent issue that affects millions of people annually. Although the numbers are startling, we've selected the 31 most concerning identity theft statistics to help you understand how to secure your identity. In 2022, the FTC ...
1 year ago Pandasecurity.com

Latest Cyber News

CVE-2024-11848 - 4 hours ago
CVE-2024-11851 - 4 hours ago
CVE-2024-12593 - 4 hours ago
CVE-2025-0439 - 5 hours ago
CVE-2025-0440 - 5 hours ago
CVE-2025-0441 - 5 hours ago
CVE-2025-0442 - 5 hours ago
CVE-2025-0443 - 5 hours ago
CVE-2025-0446 - 5 hours ago
CVE-2025-0447 - 5 hours ago
CVE-2025-0448 - 5 hours ago
CVE-2024-35280 - 5 hours ago
CVE-2025-0193 - 5 hours ago
CVE-2025-0434 - 5 hours ago
CVE-2025-0435 - 5 hours ago
CVE-2025-0436 - 5 hours ago
CVE-2025-0437 - 5 hours ago
CVE-2025-0438 - 5 hours ago
CVE-2024-9636 - 6 hours ago
CVE-2024-10775 - 6 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2023-37931 - 1 day ago
CVE-2023-37936 - 1 day ago
CVE-2023-37937 - 1 day ago
CVE-2023-42785 - 1 day ago
CVE-2023-42786 - 1 day ago
CVE-2023-46715 - 1 day ago
CVE-2024-11497 - 1 day ago
CVE-2024-11863 - 1 day ago
CVE-2024-11864 - 1 day ago
CVE-2024-21758 - 1 day ago
CVE-2024-23106 - 1 day ago
CVE-2024-26012 - 1 day ago
CVE-2024-27778 - 1 day ago
CVE-2024-32115 - 1 day ago
CVE-2024-33502 - 1 day ago
CVE-2024-33503 - 1 day ago
CVE-2024-35273 - 1 day ago
CVE-2024-35275 - 1 day ago
CVE-2024-35276 - 1 day ago
CVE-2024-35277 - 1 day ago