Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 21,124 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2021-32302

Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router allows attacker to obtain sensitive information via the Upload File parameter.

Published: February 27, 2023; 9:15:10 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-1042

A vulnerability has been found in SourceCodester Online Pet Shop We App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /pet_shop/admin/orders/update_status.php. The manipulation of the argument oid with the input 1"><script>alert(1111)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221800.

Published: February 26, 2023; 8:15:10 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-1041

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Responsive Tourism Website 1.0. This affects an unknown part of the file /tourism/rate_review.php. The manipulation of the argument id with the input 1"><script>alert(1111)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221799.

Published: February 26, 2023; 7:15:11 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-1036

A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /APR/signup.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221794 is the identifier assigned to this vulnerability.

Published: February 26, 2023; 7:15:10 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-26091

The frp_form_answers (aka Forms Export) extension before 3.1.2, and 4.x before 4.0.2, for TYPO3 allows XSS via saved emails.

Published: February 26, 2023; 12:15:10 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-1030

A vulnerability has been found in SourceCodester Online Boat Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /boat/login.php of the component POST Parameter Handler. The manipulation of the argument un leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221755.

Published: February 24, 2023; 3:15:16 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-48345

sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities.

Published: February 24, 2023; 1:15:11 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-0995

Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to v2.0.1.

Published: February 23, 2023; 10:15:11 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-46785

SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 1 of 2).

Published: February 23, 2023; 5:15:11 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-23917

A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an attacker to a RCE under the admin account. Any user can create their own server in your cloud and become an admin so this vulnerability could affect the cloud infrastructure. This attack vector also may increase the impact of XSS to RCE which is dangerous for self-hosted users as well.

Published: February 23, 2023; 3:15:13 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-46786

SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 2 of 2).

Published: February 23, 2023; 3:15:12 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-0987

A vulnerability classified as problematic was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file index.php?page=checkout. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221680.

Published: February 23, 2023; 11:15:11 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-48344

In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.

Published: February 23, 2023; 11:15:11 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-48343

In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.

Published: February 23, 2023; 11:15:11 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-22972

A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI.

Published: February 22, 2023; 4:15:11 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-29273

pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters.

Published: February 22, 2023; 4:15:11 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-0966

A vulnerability classified as problematic was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=orders/view_order. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221635.

Published: February 22, 2023; 3:15:12 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-26214

The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below.

Published: February 22, 2023; 1:15:10 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-41567

The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below.

Published: February 22, 2023; 1:15:10 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-41566

The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.6.0 and below.

Published: February 22, 2023; 1:15:10 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)