Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 20,823 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2023-22849

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6

Published: February 04, 2023; 4:15:09 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2023-0677

Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.

Published: February 04, 2023; 8:15:12 AM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2023-0676

Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.

Published: February 04, 2023; 8:15:12 AM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2022-42908

WEPA Print Away is vulnerable to a stored XSS. It does not properly sanitize uploaded filenames, allowing an attacker to deceive a user into uploading a document with a malicious filename, which will be included in subsequent HTTP responses, allowing a stored XSS to occur. This attack is persistent across victim sessions.

Published: February 03, 2023; 2:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-37518

Universal Cross Site Scripting (UXSS) vulnerability in Vimium Extension 1.66 and earlier allows remote attackers to run arbitrary code via omnibar feature.

Published: February 03, 2023; 1:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-37502

Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via the user name field when adding a user.

Published: February 03, 2023; 1:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-37379

** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Sphere all firmware versions allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.

Published: February 03, 2023; 1:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-37378

** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Cube and Cube Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.

Published: February 03, 2023; 1:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-37377

** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Brik firmware version 7.2.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.

Published: February 03, 2023; 1:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-37376

** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Bond, Bond 2 and Bond Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.

Published: February 03, 2023; 1:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-37375

** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek VidiU / VidiU Mini firmware version 3.0.8 and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.

Published: February 03, 2023; 1:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-37374

** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Clip all firmware versions allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.

Published: February 03, 2023; 1:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-37373

** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Slice 1st generation firmware 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.

Published: February 03, 2023; 1:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-36712

Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via image clipping function.

Published: February 03, 2023; 1:15:11 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-36545

Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in Site Configuration page.

Published: February 03, 2023; 1:15:11 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-36538

Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports.

Published: February 03, 2023; 1:15:10 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2023-22975

jfinal_cms 5.1.0 is vulnerable to Cross Site Scripting (XSS).

Published: February 03, 2023; 12:15:09 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2023-23636

In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim.

Published: February 02, 2023; 8:15:14 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2023-23635

In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim.

Published: February 02, 2023; 8:15:14 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2022-47131

A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page.

Published: February 02, 2023; 8:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)