U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 21,908 matching records.
Displaying matches 401 through 420.
Vuln ID Summary CVSS Severity
CVE-2023-28471

Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS via a container name.

Published: April 28, 2023; 10:15:10 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-2361

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: April 28, 2023; 4:15:09 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-29489

An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.

Published: April 27, 2023; 5:15:10 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-30338

Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pro v2.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Article Title or Article Summary parameters.

Published: April 27, 2023; 11:15:13 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-2343

Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: April 27, 2023; 10:15:09 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-2342

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: April 27, 2023; 10:15:09 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-2341

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: April 27, 2023; 10:15:09 AM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-2340

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: April 27, 2023; 9:15:09 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-2339

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: April 27, 2023; 8:15:09 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-2328

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: April 27, 2023; 6:15:09 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-2327

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: April 27, 2023; 6:15:09 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-2323

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: April 27, 2023; 5:15:10 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-2322

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: April 27, 2023; 5:15:09 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-31287

An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of the corresponding user. The token expires only 3 hours after issuance and is sent as a query parameter when resetting. An attacker with access to the browser history can thus use the token again to change the password in order to take over the account.

Published: April 26, 2023; 11:15:10 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-31286

An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist.

Published: April 26, 2023; 11:15:10 PM -0400
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2023-31285

An XSS issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When users upload temporary files, some specific file endings are not allowed, but it is possible to upload .html or .htm files containing an XSS payload. The resulting link can be sent to an administrator user.

Published: April 26, 2023; 11:15:10 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-25292

Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie.

Published: April 26, 2023; 9:15:08 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-29442

Zoho ManageEngine Applications Manager through 16390 allows DOM XSS.

Published: April 26, 2023; 5:15:08 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-29836

Cross Site Scripting vulnerability found in Exelysis Unified Communication Solutions (EUCS) v.1.0 allows a remote attacker to execute arbitrary code via the Username parameter of the eucsAdmin login form.

Published: April 26, 2023; 4:15:10 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-30212

OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.

Published: April 26, 2023; 1:15:11 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)