Search Results
- Results Type: Overview
- Keyword (text search): xss
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-32302 | Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router allows attacker to obtain sensitive information via the Upload File parameter. Published: February 27, 2023; 9:15:10 AM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2023-1042 | A vulnerability has been found in SourceCodester Online Pet Shop We App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /pet_shop/admin/orders/update_status.php. The manipulation of the argument oid with the input `1"><script>alert(1111)</script>` leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221800. Published: February 26, 2023; 8:15:10 AM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2023-1041 | A vulnerability, which was classified as problematic, was found in SourceCodester Simple Responsive Tourism Website 1.0. This affects an unknown part of the file /tourism/rate_review.php. The manipulation of the argument id with the input `1"><script>alert(1111)</script>` leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221799. Published: February 26, 2023; 7:15:11 AM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2023-1036 | A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /APR/signup.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221794 is the identifier assigned to this vulnerability. Published: February 26, 2023; 7:15:10 AM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2023-26091 | The frp_form_answers (aka Forms Export) extension before 3.1.2, and 4.x before 4.0.2, for TYPO3 allows XSS via saved emails. Published: February 26, 2023; 12:15:10 AM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2023-1030 | A vulnerability has been found in SourceCodester Online Boat Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /boat/login.php of the component POST Parameter Handler. The manipulation of the argument un leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221755. Published: February 24, 2023; 3:15:16 PM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2022-48345 | sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities. Published: February 24, 2023; 1:15:11 AM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2023-0995 | Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to v2.0.1. Published: February 23, 2023; 10:15:11 PM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |
CVE-2022-46785 | SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 1 of 2). Published: February 23, 2023; 5:15:11 PM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2023-23917 | A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an attacker to a RCE under the admin account. Any user can create their own server in your cloud and become an admin so this vulnerability could affect the cloud infrastructure. This attack vector also may increase the impact of XSS to RCE which is dangerous for self-hosted users as well. Published: February 23, 2023; 3:15:13 PM -0500 | V3.1: 8.8 HIGH; V2.0: (not available) |
CVE-2022-46786 | SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 2 of 2). Published: February 23, 2023; 3:15:12 PM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |
CVE-2023-0987 | A vulnerability classified as problematic was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file index.php?page=checkout. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221680. Published: February 23, 2023; 11:15:11 AM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |
CVE-2022-48344 | In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process. Published: February 23, 2023; 11:15:11 AM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2022-48343 | In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process. Published: February 23, 2023; 11:15:11 AM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2023-22972 | A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI. Published: February 22, 2023; 4:15:11 PM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |
CVE-2022-29273 | pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters. Published: February 22, 2023; 4:15:11 PM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2023-0966 | A vulnerability classified as problematic was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=orders/view_order. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221635. Published: February 22, 2023; 3:15:12 PM -0500 | V3.1: 8.8 HIGH; V2.0: (not available) |
CVE-2023-26214 | The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below. Published: February 22, 2023; 1:15:10 PM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |
CVE-2022-41567 | The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below. Published: February 22, 2023; 1:15:10 PM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |
CVE-2022-41566 | The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.6.0 and below. Published: February 22, 2023; 1:15:10 PM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |