U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 20,794 matching records.
Displaying matches 641 through 660.
Vuln ID Summary CVSS Severity
CVE-2022-35612

A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field.

Published: October 13, 2022; 7:15:10 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-35134

Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability.

Published: October 13, 2022; 7:15:09 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-34021

Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields.

Published: October 13, 2022; 7:15:09 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-41473

RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function.

Published: October 13, 2022; 10:15:10 AM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-38902

A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic.

Published: October 13, 2022; 9:15:10 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-41351

In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string (instead of default value of 10).

Published: October 12, 2022; 4:15:11 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-41350

In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine.

Published: October 12, 2022; 4:15:11 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-41349

In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine.

Published: October 12, 2022; 4:15:11 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-41348

An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via the onerror attribute of an IMG element, leading to information disclosure.

Published: October 12, 2022; 4:15:11 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-42715

A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution.

Published: October 12, 2022; 9:15:10 AM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-40440

mxGraph v4.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the setTooltips() function.

Published: October 11, 2022; 8:15:10 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-35297

The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability.

Published: October 11, 2022; 5:15:13 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-40047

Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php.

Published: October 11, 2022; 3:15:20 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-42236

A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form.

Published: October 11, 2022; 2:15:11 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-42235

A Stored XSS issue in Student Clearance System v.1.0 allows the injection of arbitrary JavaScript in the Student registration form.

Published: October 11, 2022; 2:15:10 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2021-36899

Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan's Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 at WordPress.

Published: October 11, 2022; 2:15:09 PM -0400
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2022-41376

Metro UI v4.4.0 to v4.5.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Javascript function.

Published: October 11, 2022; 1:15:11 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-33978

Reflected Cross-Site Scripting (XSS) vulnerability FontMeister plugin <= 1.08 at WordPress.

Published: October 11, 2022; 1:15:10 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-32174

In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.

Published: October 11, 2022; 11:15:09 AM -0400
V3.1: 9.0 CRITICAL
V2.0:(not available)
CVE-2022-3209

The soledad WordPress theme before 8.2.5 does not sanitise the {id,datafilter[type],...} parameters in its penci_more_slist_post_ajax AJAX action, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.

Published: October 10, 2022; 5:15:11 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)