Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 20,807 matching records.
Displaying matches 561 through 580.
Vuln ID Summary CVSS Severity
CVE-2022-44576

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in AgentEasy Properties plugin <= 1.0.4 on WordPress.

Published: November 02, 2022; 6:15:17 PM -0400
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2022-2904

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible to exploit a vulnerability in the external status checks feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side.

Published: November 02, 2022; 4:15:09 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-43670

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature.

Published: November 02, 2022; 9:15:19 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-40840

ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross Site Scripting (XSS) via createPdf.php.

Published: November 02, 2022; 9:15:19 AM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-43982

In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument.

Published: November 02, 2022; 8:15:56 AM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-39950

An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4. Report templates may allow a low privilege level attacker to perform an XSS attack via posting a crafted CKeditor "protected" comment as described in CVE-2020-9281.

Published: November 02, 2022; 8:15:55 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-38381

An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may allow a remote attacker without privileges to bypass some Web Application Firewall (WAF) protection such as the SQL Injection and XSS filters via a malformed HTTP request.

Published: November 02, 2022; 8:15:54 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-38373

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to perform a cross site scripting (XSS) attack via sending requests with specially crafted lure resource ID.

Published: November 02, 2022; 8:15:54 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-35851

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC management interface 7.1.0 may allow a remote and authenticated attacker to trigger a stored cross site scripting (XSS) attack via configuring a specially crafted IP Address.

Published: November 02, 2022; 8:15:53 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-43361

Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php.

Published: November 01, 2022; 3:15:11 PM -0400
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2022-31777

A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI.

Published: November 01, 2022; 12:15:13 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-43084

A cross-site scripting (XSS) vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the v_name parameter.

Published: November 01, 2022; 10:15:14 AM -0400
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2022-43082

A cross-site scripting (XSS) vulnerability in /fastfood/purchase.php of Fast Food Ordering System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the customer parameter.

Published: November 01, 2022; 10:15:14 AM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-43079

A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter.

Published: November 01, 2022; 10:15:14 AM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-43078

A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter.

Published: November 01, 2022; 10:15:14 AM -0400
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2022-43076

A cross-site scripting (XSS) vulnerability in /admin/edit-admin.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtemail parameter.

Published: November 01, 2022; 10:15:14 AM -0400
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2022-40290

The application was vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the barcode generation functionality, allowing attackers to generate an unsafe link that could compromise users.

Published: October 31, 2022; 5:15:12 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-40289

The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files.

Published: October 31, 2022; 5:15:12 PM -0400
V3.1: 9.0 CRITICAL
V2.0:(not available)
CVE-2022-40288

The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile.

Published: October 31, 2022; 5:15:12 PM -0400
V3.1: 9.0 CRITICAL
V2.0:(not available)
CVE-2022-40287

The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targeted account.

Published: October 31, 2022; 5:15:12 PM -0400
V3.1: 9.0 CRITICAL
V2.0:(not available)