Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): xss
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-23543 |
Silverware Games is a social network where people can play games online. Users can attach URLs to YouTube videos, the site will generate related `<iframe>` when the post will be published. The handler has some sort of protection so non-YouTube links can't be posted, as well as HTML tags are being stripped. However, it was still possible to add custom HTML attributes (e.g. `onclick=alert("xss")`) to the `<iframe>'. This issue was fixed in the version `1.1.34` and does not require any extra actions from our members. There has been no evidence that this vulnerability was used by anyone at this time. Published: December 19, 2022; 5:15:10 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4615 |
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2. Published: December 19, 2022; 3:15:13 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2022-4614 |
Cross-site Scripting (XSS) - Stored in GitHub repository alagrede/znote-app prior to 1.7.11. Published: December 19, 2022; 3:15:13 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-44474 |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Published: December 19, 2022; 3:15:13 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-44471 |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Published: December 19, 2022; 3:15:13 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-44470 |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Published: December 19, 2022; 3:15:13 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-44467 |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Published: December 19, 2022; 3:15:13 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-44466 |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Published: December 19, 2022; 3:15:13 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-44465 |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Published: December 19, 2022; 3:15:13 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-44463 |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Published: December 19, 2022; 3:15:13 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-42365 |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Published: December 19, 2022; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-42364 |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Published: December 19, 2022; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-42362 |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Published: December 19, 2022; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-42357 |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Published: December 19, 2022; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-42356 |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Published: December 19, 2022; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-42354 |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Published: December 19, 2022; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-42352 |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Published: December 19, 2022; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-42350 |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Published: December 19, 2022; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-42349 |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Published: December 19, 2022; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-42348 |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Published: December 19, 2022; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |