) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): xss
- Search Type: Search All
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2022-43120 |
A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field. Published: November 09, 2022; 11:15:18 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2022-43119 |
A cross-site scripting (XSS) vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter. Published: November 09, 2022; 11:15:18 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2022-43118 |
A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field. Published: November 09, 2022; 11:15:18 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2022-43321 |
Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php. Published: November 09, 2022; 9:15:17 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2022-43320 |
FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer. Published: November 09, 2022; 9:15:16 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2022-43144 |
A cross-site scripting (XSS) vulnerability in Canteen Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Published: November 08, 2022; 6:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2022-44741 |
Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress. Published: November 08, 2022; 2:15:18 PM -0500 |
V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2022-41980 |
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimiento web plugin <= 0.13 on WordPress. Published: November 08, 2022; 2:15:16 PM -0500 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
| CVE-2022-41136 |
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress. Published: November 08, 2022; 2:15:15 PM -0500 |
V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2022-32776 |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Advanced Ads GmbH Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 on WordPress. Published: November 08, 2022; 2:15:12 PM -0500 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
| CVE-2022-30545 |
Auth. Reflected Cross-Site Scripting (XSS) vulnerability in 5 Anker Connect plugin <= 1.2.6 on WordPress. Published: November 08, 2022; 2:15:11 PM -0500 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
| CVE-2022-27914 |
An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media. Published: November 08, 2022; 2:15:11 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2021-40303 |
perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile. Published: November 08, 2022; 1:15:10 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2022-41434 |
EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /lilac/main.php. Published: November 07, 2022; 8:15:09 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2022-41433 |
EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/admin_bp/add_application.php. Published: November 07, 2022; 8:15:09 PM -0500 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
| CVE-2022-41432 |
EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/report_event/index.php. Published: November 07, 2022; 8:15:09 PM -0500 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
| CVE-2022-43046 |
Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php. Published: November 07, 2022; 4:15:09 PM -0500 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
| CVE-2022-43317 |
A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Published: November 07, 2022; 10:15:10 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2022-3873 |
Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2. Published: November 07, 2022; 6:15:10 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2022-43569 |
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model. Published: November 04, 2022; 7:15:10 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |