Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search Last 3 Years
There are 5,678 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-20508

Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field.

Published: September 24, 2021; 6:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2016-6556

OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016.

Published: September 24, 2021; 5:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2016-6555

OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016.

Published: September 24, 2021; 5:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-40310

OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in the TakeAttendance.php via the cp_id_miss_attn parameter.

Published: September 24, 2021; 12:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-40100

An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text.

Published: September 24, 2021; 11:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-19950

A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML.

Published: September 23, 2021; 4:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-19949

A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML.

Published: September 23, 2021; 4:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-36873

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage.

Published: September 23, 2021; 1:15:12 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-36823

Authenticated Stored Cross-Site Scripting (XSS) vulnerability in WordPress Absolutely Glamorous Custom Admin plugin (versions <= 6.8). Stored XSS is possible via unsanitized input fields of the plugin settings; some of the payloads could make the frontend and the backend inaccessible.

Published: September 23, 2021; 1:15:12 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-36872

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). Vulnerable at &widget-wpp[2][post_type].

Published: September 23, 2021; 11:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-23481

CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field.

Published: September 22, 2021; 4:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-39404

MaianAffiliate v1.0 allows an authenticated administrative user to save an XSS to the database.

Published: September 22, 2021; 9:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-41086

jsuites is an open source collection of common required javascript web components. In affected versions users are subject to cross site scripting (XSS) attacks via clipboard content. jsuites is vulnerable to DOM based XSS if the user can be tricked into copying _anything_ from a malicious and pasting it into the html editor. This is because a part of the clipboard content is directly written to `innerHTML` allowing for javascript injection and thus XSS. Users are advised to update to version 4.9.11 to resolve.

Published: September 21, 2021; 5:15:07 PM -0400
V3.1: 8.7 HIGH
V2.0:(not available)
CVE-2020-19554

Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload.

Published: September 21, 2021; 4:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-19553

Cross Site Scripting (XSS) vulnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php.

Published: September 21, 2021; 3:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-40868

In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.

Published: September 21, 2021; 1:15:09 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-20829

Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user who accesses a specially crafted page.

Published: September 21, 2021; 6:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-19915

Cross Site Scripting (XSS) vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php.

Published: September 20, 2021; 3:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-39402

MaianAffiliate v.1.0 suffers from code injection by adding a new product via the admin panel. The injected payload is reflected on the affiliate main page for all authenticated and unauthenticated visitors.

Published: September 20, 2021; 11:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-24618

The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which results in Stored Cross-Site Scripting (XSS). Furthermore, the plugin does not have any CSRF or capability checks in place when saving this setting, allowing any authenticated user (as low as subscriber), or an unauthenticated user via a CSRF vector, to update it and perform such an attack.

Published: September 20, 2021; 6:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)