Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 20,807 matching records.
Displaying matches 621 through 640.
Vuln ID Summary CVSS Severity
CVE-2022-42205

PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php.

Published: October 21, 2022; 9:15:09 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-42200

Simple Exam Reviewer Management System v1.0 is vulnerable to Stored Cross Site Scripting (XSS) via the Exam List.

Published: October 20, 2022; 9:15:10 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2021-33231

Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field.

Published: October 20, 2022; 7:15:10 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-41358

A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php.

Published: October 19, 2022; 10:15:56 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-43018

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter in the Check Email function.

Published: October 19, 2022; 2:15:13 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-43017

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component.

Published: October 19, 2022; 2:15:13 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-43016

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback component.

Published: October 19, 2022; 2:15:13 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-43015

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the entriesPerPage parameter.

Published: October 19, 2022; 2:15:13 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-43014

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter.

Published: October 19, 2022; 2:15:13 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-43425

Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of Custom Checkbox Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Published: October 19, 2022; 12:15:11 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-43420

Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control or modify Contrast service API responses.

Published: October 19, 2022; 12:15:11 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-43409

Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines.

Published: October 19, 2022; 12:15:10 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-43185

A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.

Published: October 19, 2022; 10:15:10 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-39301

sra-admin is a background rights management system that separates the front and back end. sra-admin version 1.1.1 has a storage cross-site scripting (XSS) vulnerability. After logging into the sra-admin background, an attacker can upload an html page containing xss attack code in "Personal Center" - "Profile Picture Upload" allowing theft of the user's personal information. This issue has been patched in 1.1.2. There are no known workarounds.

Published: October 19, 2022; 10:15:09 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-3608

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha.

Published: October 19, 2022; 9:15:08 AM -0400
V3.1: 8.4 HIGH
V2.0:(not available)
CVE-2022-38901

A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file.

Published: October 18, 2022; 10:15:09 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-42117

A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML.

Published: October 18, 2022; 5:15:16 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-42116

A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the (1) name, or (2) namespace parameter.

Published: October 18, 2022; 5:15:16 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-42115

Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay Portal 7.4.3.4 through 7.4.3.36 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the object field's `Label` text field.

Published: October 18, 2022; 5:15:16 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-42114

A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML.

Published: October 18, 2022; 5:15:16 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)