U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 20,823 matching records.
Displaying matches 541 through 560.
Vuln ID Summary CVSS Severity
CVE-2022-43120

A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field.

Published: November 09, 2022; 11:15:18 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-43119

A cross-site scripting (XSS) vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter.

Published: November 09, 2022; 11:15:18 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-43118

A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field.

Published: November 09, 2022; 11:15:18 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-43321

Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php.

Published: November 09, 2022; 9:15:17 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-43320

FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer.

Published: November 09, 2022; 9:15:16 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-43144

A cross-site scripting (XSS) vulnerability in Canteen Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Published: November 08, 2022; 6:15:12 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-44741

Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress.

Published: November 08, 2022; 2:15:18 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-41980

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimiento web plugin <= 0.13 on WordPress.

Published: November 08, 2022; 2:15:16 PM -0500
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2022-41136

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress.

Published: November 08, 2022; 2:15:15 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-32776

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Advanced Ads GmbH Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 on WordPress.

Published: November 08, 2022; 2:15:12 PM -0500
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2022-30545

Auth. Reflected Cross-Site Scripting (XSS) vulnerability in 5 Anker Connect plugin <= 1.2.6 on WordPress.

Published: November 08, 2022; 2:15:11 PM -0500
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2022-27914

An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media.

Published: November 08, 2022; 2:15:11 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2021-40303

perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile.

Published: November 08, 2022; 1:15:10 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-41434

EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /lilac/main.php.

Published: November 07, 2022; 8:15:09 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-41433

EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/admin_bp/add_application.php.

Published: November 07, 2022; 8:15:09 PM -0500
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2022-41432

EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/report_event/index.php.

Published: November 07, 2022; 8:15:09 PM -0500
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2022-43046

Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php.

Published: November 07, 2022; 4:15:09 PM -0500
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2022-43317

A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Published: November 07, 2022; 10:15:10 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-3873

Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2.

Published: November 07, 2022; 6:15:10 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-43569

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model.

Published: November 04, 2022; 7:15:10 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)