) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): xss
- Search Type: Search All
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-28471 |
Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS via a container name. Published: April 28, 2023; 10:15:10 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-2361 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. Published: April 28, 2023; 4:15:09 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-29489 |
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31. Published: April 27, 2023; 5:15:10 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2023-30338 |
Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pro v2.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Article Title or Article Summary parameters. Published: April 27, 2023; 11:15:13 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-2343 |
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21. Published: April 27, 2023; 10:15:09 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-2342 |
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. Published: April 27, 2023; 10:15:09 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-2341 |
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. Published: April 27, 2023; 10:15:09 AM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2023-2340 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. Published: April 27, 2023; 9:15:09 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-2339 |
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. Published: April 27, 2023; 8:15:09 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-2328 |
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. Published: April 27, 2023; 6:15:09 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-2327 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. Published: April 27, 2023; 6:15:09 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-2323 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. Published: April 27, 2023; 5:15:10 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-2322 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. Published: April 27, 2023; 5:15:09 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-31287 |
An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of the corresponding user. The token expires only 3 hours after issuance and is sent as a query parameter when resetting. An attacker with access to the browser history can thus use the token again to change the password in order to take over the account. Published: April 26, 2023; 11:15:10 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
| CVE-2023-31286 |
An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist. Published: April 26, 2023; 11:15:10 PM -0400 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
| CVE-2023-31285 |
An XSS issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When users upload temporary files, some specific file endings are not allowed, but it is possible to upload .html or .htm files containing an XSS payload. The resulting link can be sent to an administrator user. Published: April 26, 2023; 11:15:10 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2023-25292 |
Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie. Published: April 26, 2023; 9:15:08 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2023-29442 |
Zoho ManageEngine Applications Manager through 16390 allows DOM XSS. Published: April 26, 2023; 5:15:08 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2023-29836 |
Cross Site Scripting vulnerability found in Exelysis Unified Communication Solutions (EUCS) v.1.0 allows a remote attacker to execute arbitrary code via the Username parameter of the eucsAdmin login form. Published: April 26, 2023; 4:15:10 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2023-30212 |
OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php. Published: April 26, 2023; 1:15:11 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |