U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 20,434 matching records.
Displaying matches 621 through 640.
Vuln ID Summary CVSS Severity
CVE-2022-2729

Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.

Published: August 09, 2022; 8:15:08 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-36266

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS payload that will be accepted and stored. A successful attack will results in the injection of malicious scripts into the user settings page.

Published: August 08, 2022; 11:15:08 AM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-35493

A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the get_products?search parameter.

Published: August 08, 2022; 11:15:08 AM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-2701

A vulnerability classified as problematic was found in SourceCodester Simple E-Learning System. This vulnerability affects unknown code of the file /claire_blake. The manipulation of the argument Bio leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205822 is the identifier assigned to this vulnerability.

Published: August 08, 2022; 9:15:08 AM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-2692

A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Hall Booking System. This affects an unknown part of the file /whbs/admin/?page=user of the component Staff User Profile. The manipulation of the argument First Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205815.

Published: August 06, 2022; 2:15:08 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-2691

A vulnerability, which was classified as problematic, has been found in SourceCodester Wedding Hall Booking System. Affected by this issue is some unknown functionality of the file /whbs/?page=manage_account of the component Profile Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205814 is the identifier assigned to this vulnerability.

Published: August 06, 2022; 2:15:08 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-2690

A vulnerability classified as problematic was found in SourceCodester Wedding Hall Booking System. Affected by this vulnerability is an unknown functionality of the file /whbs/?page=my_bookings of the component Booking Form. The manipulation of the argument Remarks leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205813 was assigned to this vulnerability.

Published: August 06, 2022; 2:15:08 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-2689

A vulnerability classified as problematic has been found in SourceCodester Wedding Hall Booking System. Affected is an unknown function of the file /whbs/?page=contact_us of the component Contact Page. The manipulation of the argument Message leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205812.

Published: August 06, 2022; 2:15:08 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-35163

Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the U_NAME parameter at /category/controller.php?action=edit.

Published: August 05, 2022; 5:15:09 PM -0400
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2022-35162

Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the CATEGORY parameter at /category/controller.php?action=edit.

Published: August 05, 2022; 5:15:09 PM -0400
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2022-2685

A vulnerability was found in SourceCodester Interview Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /addQuestion.php. The manipulation of the argument question with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205673 was assigned to this vulnerability.

Published: August 05, 2022; 5:15:08 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-2684

A vulnerability has been found in SourceCodester Apartment Visitor Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /manage-apartment.php. The manipulation of the argument Apartment Number with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205672.

Published: August 05, 2022; 5:15:08 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-2683

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Food Ordering System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument email/password with the input "><ScRiPt>alert(1)</sCrIpT> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205671.

Published: August 05, 2022; 5:15:08 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-2682

A vulnerability, which was classified as problematic, has been found in SourceCodester Alphaware Simple E-Commerce System. Affected by this issue is some unknown functionality of the file stockin.php. The manipulation of the argument id with the input '"><script>alert(/xss/)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205670 is the identifier assigned to this vulnerability.

Published: August 05, 2022; 5:15:08 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-2681

A vulnerability classified as problematic was found in SourceCodester Online Student Admission System. Affected by this vulnerability is an unknown functionality of the file edit-profile.php of the component Student User Page. The manipulation with the input <script>alert(/xss/)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205669 was assigned to this vulnerability.

Published: August 05, 2022; 5:15:08 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-31663

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.

Published: August 05, 2022; 12:15:12 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-2500

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side.

Published: August 05, 2022; 12:15:12 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2021-46681

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via module massive operation name field.

Published: August 05, 2022; 12:15:11 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2021-46680

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the module form name field.

Published: August 05, 2022; 12:15:11 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2021-46679

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via service elements.

Published: August 05, 2022; 12:15:11 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)