Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 6,198 matching records.
Displaying matches 301 through 320.
Vuln ID Summary CVSS Severity
CVE-2022-48343

In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.

Published: February 23, 2023; 11:15:11 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-29273

pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters.

Published: February 22, 2023; 4:15:11 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-41566

The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.6.0 and below.

Published: February 22, 2023; 1:15:10 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-41565

The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.21 and below, versions 6.0.11 and below and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 1.2.0 and below.

Published: February 22, 2023; 1:15:10 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-25811

Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma `name` parameter allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Published: February 21, 2023; 4:15:11 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-25810

Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma status page allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Published: February 21, 2023; 4:15:11 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-22984

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL.

Published: February 21, 2023; 11:15:11 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2021-32859

The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calendar view. Versions 1.0.14 and prior are prone to cross-site scripting (XSS) when handling untrusted `placeholder` entries. An attacker who is able to influence the field `placeholder` when creating a `Calendar` instance is able to supply arbitrary `html` or `javascript` that will be rendered in the context of a user, leading to XSS. There are no known patches for this issue.

Published: February 21, 2023; 10:15:11 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2021-32856

Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted in versions 1.2.9 and 1.2.12, but it is incomplete.

Published: February 21, 2023; 10:15:11 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2021-32855

Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue.

Published: February 21, 2023; 10:15:11 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2021-32854

textAngular is a text editor for Angular.js. Versions 1.5.16 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. There are no known patches.

Published: February 21, 2023; 10:15:10 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2020-36656

The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks.

Published: February 21, 2023; 4:15:10 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-26235

JD-GUI 1.6.6 allows XSS via util/net/InterProcessCommunicationUtil.java.

Published: February 20, 2023; 7:15:11 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-3901

Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute XSS on the client system.

Published: February 20, 2023; 2:15:10 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2021-23980

A mutation XSS affects users calling bleach.clean with all of:
  • svg or math in the allowed tags
  • p or br in allowed tags
  • style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags
  • the keyword argument strip_comments=False

Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.

Published: February 16, 2023; 5:15:10 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-22638

Several improper neutralization of inputs during web page generation vulnerabilities [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.

Published: February 16, 2023; 2:15:13 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-38376

Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allow an attacker to perform an XSS attack via crafted HTTP requests.

Published: February 16, 2023; 2:15:12 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-23467

Media CP Media Control Panel latest version. Reflected XSS possible through unspecified endpoint.

Published: February 15, 2023; 2:15:12 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-47372

Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the stored XSS payload.

Published: February 14, 2023; 11:15:10 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-45436

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms allows Cross-Site Scripting (XSS). As a manager-privilege user, create a network map with an XSS payload as its name. Once it is created, an admin user must click on edit network maps, and the XSS payload will be executed, which could be used for stealing the admin user's cookie value.

Published: February 14, 2023; 11:15:10 PM -0500
V3.1: 4.8 MEDIUM
V2.0:(not available)