Search Results
- Results Type: Overview
- Keyword (text search): xss
- Search Type: Search All
| Vuln ID | Summary | Published | CVSS Severity |
|---|---|---|---|
| CVE-2020-22327 | An issue was discovered in HFish 0.5.1. When a payload is inserted where the name is entered, XSS code is triggered when the administrator views the information. | January 26, 2023; 4:15:21 PM -0500 | V3.1: 6.1 MEDIUM; V2.0: not available |
| CVE-2022-4554 | B2B Customer Ordering System developed by ID Software Project and Consultancy Services before version 1.0.0.347 has an authenticated Reflected XSS vulnerability. This has been fixed in version 1.0.0.347. | January 24, 2023; 4:15:09 AM -0500 | V3.1: 5.4 MEDIUM; V2.0: not available |
| CVE-2022-4307 | The ?????? ?????? ?????? WordPress plugin before 2.9.3 does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high-privilege user such as an admin visits a page from the plugin. | January 23, 2023; 10:15:14 AM -0500 | V3.1: 6.1 MEDIUM; V2.0: not available |
| CVE-2023-24070 | app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field. | January 23, 2023; 12:15:18 AM -0500 | V3.1: 6.1 MEDIUM; V2.0: not available |
| CVE-2023-24027 | In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name. | January 20, 2023; 5:15:10 PM -0500 | V3.1: 6.1 MEDIUM; V2.0: not available |
| CVE-2023-24026 | In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload. | January 20, 2023; 5:15:10 PM -0500 | V3.1: 6.1 MEDIUM; V2.0: not available |
| CVE-2023-22910 | An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision-* fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs capability. | January 20, 2023; 1:15:10 PM -0500 | V3.1: 5.4 MEDIUM; V2.0: not available |
| CVE-2023-23691 | Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a client-side desync vulnerability. An unauthenticated attacker could potentially exploit this vulnerability to force a victim's browser to desynchronize its connection with the website, typically leading to XSS and DoS. | January 20, 2023; 3:15:17 AM -0500 | V3.1: 8.8 HIGH; V2.0: not available |
| CVE-2022-47197 | An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allows privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject JavaScript in a post to trick an administrator into visiting the post. A stored XSS vulnerability exists in the `codeinjection_foot` for a post. | January 19, 2023; 1:15:14 PM -0500 | V3.1: 5.4 MEDIUM; V2.0: not available |
| CVE-2022-47196 | An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allows privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject JavaScript in a post to trick an administrator into visiting the post. A stored XSS vulnerability exists in the `codeinjection_head` for a post. | January 19, 2023; 1:15:14 PM -0500 | V3.1: 5.4 MEDIUM; V2.0: not available |
| CVE-2022-47195 | An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allows privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject JavaScript in a post to trick an administrator into visiting the post. A stored XSS vulnerability exists in the `facebook` field for a user. | January 19, 2023; 1:15:14 PM -0500 | V3.1: 5.4 MEDIUM; V2.0: not available |
| CVE-2022-47194 | An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allows privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject JavaScript in a post to trick an administrator into visiting the post. A stored XSS vulnerability exists in the `twitter` field for a user. | January 19, 2023; 1:15:13 PM -0500 | V3.1: 5.4 MEDIUM; V2.0: not available |
| CVE-2023-23637 | IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain text fields within a PATCH /modify_onto request to the ontology builder. This may allow attackers to steal Protected Health Information. | January 17, 2023; 4:15:17 PM -0500 | V3.1: 7.6 HIGH; V2.0: not available |
| CVE-2022-40704 | An XSS vulnerability was found in phoromatic_r_add_test_details.php in phoronix-test-suite. | January 17, 2023; 2:15:11 PM -0500 | V3.1: 6.1 MEDIUM; V2.0: not available |
| CVE-2022-43718 | Upload data forms do not correctly render user input, leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | January 16, 2023; 6:15:10 AM -0500 | V3.1: 5.4 MEDIUM; V2.0: not available |
| CVE-2022-43717 | Dashboard rendering does not sufficiently sanitize the content of markdown components, leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | January 16, 2023; 6:15:10 AM -0500 | V3.1: 5.4 MEDIUM; V2.0: not available |
| CVE-2021-46872 | An issue was discovered in Nim before 1.6.2. The RST module of the Nim language stdlib, as used in NimForum and other products, permits the javascript: URI scheme and thus can lead to XSS in some applications. (Nim versions 1.6.2 and later are fixed; there may be backports of the fix to some earlier versions. NimForum 2.2.0 is fixed.) | January 13, 2023; 1:15:10 AM -0500 | V3.1: 6.1 MEDIUM; V2.0: not available |
| CVE-2022-42967 | Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file while preview mode is enabled. This directly leads to client-side code execution. | January 11, 2023; 8:15:09 AM -0500 | V3.1: 9.6 CRITICAL; V2.0: not available |
| CVE-2023-22911 | An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context. | January 10, 2023; 3:15:10 AM -0500 | V3.1: 6.1 MEDIUM; V2.0: not available |
| CVE-2021-46871 | tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows XSS in HEEx class attributes. | January 10, 2023; 1:15:09 AM -0500 | V3.1: 6.1 MEDIUM; V2.0: not available |