Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 20,807 matching records.
Displaying matches 661 through 680.
Vuln ID Summary CVSS Severity
CVE-2022-3505

A vulnerability was found in SourceCodester Sanitization Management System. It has been classified as problematic. Affected is an unknown function of the file /php-sms/admin/. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210840.

Published: October 14, 2022; 10:15:10 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-3503

A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Supplier Handler. The manipulation of the argument Supplier Name/Address/Contact person/Contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210832.

Published: October 14, 2022; 7:15:09 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-3502

A vulnerability was found in Human Resource Management System 1.0. It has been classified as problematic. This affects an unknown part of the component Leave Handler. The manipulation of the argument Reason leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210831.

Published: October 14, 2022; 7:15:09 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-39295

Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the `XSSRequestWrapper::stripXSS` method can be bypassed. Versions 7.4.22, 8.0.9, and 8.1.0 contain patches for this issue. There are no known workarounds.

Published: October 13, 2022; 7:15:11 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-35612

A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field.

Published: October 13, 2022; 7:15:10 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-35134

Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability.

Published: October 13, 2022; 7:15:09 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-34021

Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields.

Published: October 13, 2022; 7:15:09 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-41473

RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function.

Published: October 13, 2022; 10:15:10 AM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-38902

A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of a newly created topic.

Published: October 13, 2022; 9:15:10 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-41351

In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string (instead of default value of 10).

Published: October 12, 2022; 4:15:11 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-41350

In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine.

Published: October 12, 2022; 4:15:11 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-41349

In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine.

Published: October 12, 2022; 4:15:11 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-41348

An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via the onerror attribute of an IMG element, leading to information disclosure.

Published: October 12, 2022; 4:15:11 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-42715

A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution.

Published: October 12, 2022; 9:15:10 AM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-40440

mxGraph v4.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the setTooltips() function.

Published: October 11, 2022; 8:15:10 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-35297

The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability.

Published: October 11, 2022; 5:15:13 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-40047

Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php.

Published: October 11, 2022; 3:15:20 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-42236

A Stored XSS issue in Merchandise Online Store v.1.0 allows the injection of arbitrary JavaScript in the edit account form.

Published: October 11, 2022; 2:15:11 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-42235

A Stored XSS issue in Student Clearance System v.1.0 allows the injection of arbitrary JavaScript in the Student registration form.

Published: October 11, 2022; 2:15:10 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2021-36899

Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan's Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 at WordPress.

Published: October 11, 2022; 2:15:09 PM -0400
V3.1: 4.8 MEDIUM
V2.0:(not available)