U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 6,881 matching records.
Displaying matches 321 through 340.
Vuln ID Summary CVSS Severity
CVE-2023-52083

Winter is a free, open-source content management system. Prior to 1.2.4, users with the `media.manage_media` permission can upload files to the Media Manager and rename them after uploading. Previously, media manager files were only sanitized on upload, not on renaming, which could have allowed a stored XSS attack. This issue has been patched in v1.2.4.

Published: December 28, 2023; 6:15:43 PM -0500
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2023-50860

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TMS Booking for Appointments and Events Calendar – Amelia allows Stored XSS.This issue affects Booking for Appointments and Events Calendar – Amelia: from n/a through 1.0.85.

Published: December 28, 2023; 6:15:10 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-50859

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding allows Stored XSS.This issue affects WP Crowdfunding: from n/a through 2.1.6.

Published: December 28, 2023; 6:15:10 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-50836

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibericode HTML Forms allows Stored XSS.This issue affects HTML Forms: from n/a through 1.3.28.

Published: December 28, 2023; 6:15:09 AM -0500
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2023-51501

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS.This issue affects Uncode - Creative & WooCommerce WordPress Theme: from n/a through 2.8.6.

Published: December 28, 2023; 5:15:09 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-50874

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney WordPress Infinite Scroll – Ajax Load More allows Stored XSS.This issue affects WordPress Infinite Scroll – Ajax Load More: from n/a through 6.1.0.1.

Published: December 28, 2023; 5:15:08 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-4672

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software ECOP allows Reflected XSS.This issue affects ECOP: before 32255.

Published: December 28, 2023; 5:15:08 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-47215

Stored cross-site scripting vulnerability which is exploiting a behavior of the XSS Filter exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

Published: December 26, 2023; 3:15:10 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-31297

An issue was discovered in SESAMI planfocus CPTO (Cash Point & Transport Optimizer) 6.3.8.6 718. There is XSS via the Name field when modifying a client.

Published: December 25, 2023; 2:15:08 AM -0500
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2023-37225

Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links.

Published: December 25, 2023; 1:15:08 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-43675

An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all parameters.

Published: December 25, 2023; 1:15:08 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-41762

An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl.

Published: December 25, 2023; 1:15:08 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-50727

Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Reflected XSS issue occurs when /queues is appended with /"><svg%20onload=alert(domain)>. This issue has been patched in version 2.6.0.

Published: December 22, 2023; 4:15:07 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-50725

Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in resque-web have been found to be vulnerable to reflected XSS: "/failed/?class=<script>alert(document.cookie)</script>" and "/queues/><img src=a onerror=alert(document.cookie)>". This issue has been patched in version 2.2.1.

Published: December 22, 2023; 3:15:07 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-50250

Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php.` When uploading an xml template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains unfiltered xml template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available.

Published: December 22, 2023; 12:15:09 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-51704

An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.

Published: December 21, 2023; 9:15:42 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-49086

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). Bypassing an earlier fix (CVE-2023-39360) that leads to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `graphs_new.php`. Impact of the vulnerability - execution of arbitrary javascript code in the attacked user's browser. This issue has been patched in version 1.2.26.

Published: December 21, 2023; 7:15:34 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-37520

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay.

Published: December 21, 2023; 6:15:08 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-37519

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server. 

Published: December 21, 2023; 5:15:13 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-50834

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech WooCommerce Menu Extension allows Stored XSS.This issue affects WooCommerce Menu Extension: from n/a through 1.6.2.

Published: December 21, 2023; 2:15:12 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)