
Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 21,124 matching records.
Displaying matches 181 through 200.
Vuln ID Summary CVSS Severity
CVE-2022-41565

The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.21 and below, versions 6.0.11 and below and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 1.2.0 and below.

Published: February 22, 2023; 1:15:10 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-0949

Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5.

Published: February 22, 2023; 4:15:10 AM -0500
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2023-24081

Multiple stored cross-site scripting (XSS) vulnerabilities in Redrock Software TutorTrac before v4.2.170210 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the reason and location fields of the visits listing page.

Published: February 21, 2023; 6:15:11 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-25811

Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma `name` parameter allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Published: February 21, 2023; 4:15:11 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-25810

Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma status page allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Published: February 21, 2023; 4:15:11 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-22984

** UNSUPPORTED WHEN ASSIGNED ** A Vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL.

Published: February 21, 2023; 11:15:11 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-0934

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.5.

Published: February 21, 2023; 10:15:12 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2021-32860

iziModal is a modal plugin with jQuery. Versions prior to 1.6.1 are vulnerable to cross-site scripting (XSS) when handling untrusted modal titles. An attacker who is able to influence the field `title` when creating a `iziModal` instance is able to supply arbitrary `html` or `javascript` code that will be rendered in the context of a user, potentially leading to `XSS`. Version 1.6.1 contains a patch for this issue.

Published: February 21, 2023; 10:15:11 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2021-32859

The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calendar view. Versions 1.0.14 and prior are prone to cross-site scripting (XSS) when handling untrusted `placeholder` entries. An attacker who is able to influence the field `placeholder` when creating a `Calendar` instance is able to supply arbitrary `html` or `javascript` that will be rendered in the context of a user leading to XSS. There are no known patches for this issue.

Published: February 21, 2023; 10:15:11 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2021-32858

esdoc-publish-html-plugin is a plugin for the document maintenance software ESDoc. The HTML sanitizer in esdoc-publish-html-plugin 1.1.2 and prior can be bypassed which may lead to cross-site scripting (XSS) issues. There are no known patches for this issue.

Published: February 21, 2023; 10:15:11 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2021-32857

Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in `htmleditor.js` may lead to cross-site scripting (XSS) issues. There are no known patches for this issue.

Published: February 21, 2023; 10:15:11 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2021-32856

Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted in versions 1.2.9 and 1.2.12, but it is incomplete.

Published: February 21, 2023; 10:15:11 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2021-32855

Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue.

Published: February 21, 2023; 10:15:11 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2021-32854

textAngular is a text editor for Angular.js. Version 1.5.16 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. There are no known patches.

Published: February 21, 2023; 10:15:10 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2020-36656

The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks.

Published: February 21, 2023; 4:15:10 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-26235

JD-GUI 1.6.6 allows XSS via util/net/InterProcessCommunicationUtil.java.

Published: February 20, 2023; 7:15:11 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-3901

Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute XSS on the client system.

Published: February 20, 2023; 2:15:10 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-0902

A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451.

Published: February 18, 2023; 3:15:42 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-40348

Cross Site Scripting (XSS) vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'name' and 'email' parameters, allows attackers to execute arbitrary code.

Published: February 17, 2023; 9:15:10 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-24769

Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection watch" function.

Published: February 17, 2023; 5:15:14 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)