Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): xss
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-41565 |
The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.21 and below, versions 6.0.11 and below and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 1.2.0 and below. Published: February 22, 2023; 1:15:10 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-0949 |
Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5. Published: February 22, 2023; 4:15:10 AM -0500 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2023-24081 |
Multiple stored cross-site scripting (XSS) vulnerabilities in Redrock Software TutorTrac before v4.2.170210 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the reason and location fields of the visits listing page. Published: February 21, 2023; 6:15:11 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-25811 |
Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma `name` parameter allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability. Published: February 21, 2023; 4:15:11 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-25810 |
Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma status page allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability. Published: February 21, 2023; 4:15:11 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-22984 |
** UNSUPPORTED WHEN ASSIGNED ** A Vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL. Published: February 21, 2023; 11:15:11 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-0934 |
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.5. Published: February 21, 2023; 10:15:12 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2021-32860 |
iziModal is a modal plugin with jQuery. Versions prior to 1.6.1 are vulnerable to cross-site scripting (XSS) when handling untrusted modal titles. An attacker who is able to influence the field `title` when creating a `iziModal` instance is able to supply arbitrary `html` or `javascript` code that will be rendered in the context of a user, potentially leading to `XSS`. Version 1.6.1 contains a patch for this issue Published: February 21, 2023; 10:15:11 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2021-32859 |
The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calender view. Versions 1.0.14 and prior are prone to cross-site scripting (XSS) when handling untrusted `placeholder` entries. An attacker who is able to influence the field `placeholder` when creating a `Calendar` instance is able to supply arbitrary `html` or `javascript` that will be rendered in the context of a user leading to XSS. There are no known patches for this issue. Published: February 21, 2023; 10:15:11 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2021-32858 |
esdoc-publish-html-plugin is a plugin for the document maintenance software ESDoc. TheHTML sanitizer in esdoc-publish-html-plugin 1.1.2 and prior can be bypassed which may lead to cross-site scripting (XSS) issues. There are no known patches for this issue. Published: February 21, 2023; 10:15:11 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2021-32857 |
Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in `htmleditor.js` may lead to cross-site scripting (XSS) issues. There are no known patches for this issue. Published: February 21, 2023; 10:15:11 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2021-32856 |
Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted in versions 1.2.9 and 1.2.12, but it is incomplete. Published: February 21, 2023; 10:15:11 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2021-32855 |
Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue. Published: February 21, 2023; 10:15:11 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2021-32854 |
textAngular is a text editor for Angular.js. Version 1.5.16 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. There are no known patches. Published: February 21, 2023; 10:15:10 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2020-36656 |
The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks. Published: February 21, 2023; 4:15:10 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-26235 |
JD-GUI 1.6.6 allows XSS via util/net/InterProcessCommunicationUtil.java. Published: February 20, 2023; 7:15:11 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2022-3901 |
Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute XSS on the client system. Published: February 20, 2023; 2:15:10 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-0902 |
A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451. Published: February 18, 2023; 3:15:42 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-40348 |
Cross Site Scripting (XSS) vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'name' and 'email' parameters, allows attackers to execute arbitrary code. Published: February 17, 2023; 9:15:10 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-24769 |
Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection watch" function. Published: February 17, 2023; 5:15:14 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |