U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 8,326 matching records.
Displaying matches 781 through 800.
Vuln ID Summary CVSS Severity
CVE-2024-35645

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vinoth06 Random Banner allows Stored XSS.This issue affects Random Banner: from n/a through 4.2.8.

Published: June 01, 2024; 8:15:37 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-34000

ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk.

Published: May 31, 2024; 4:15:10 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-33998

Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some features.

Published: May 31, 2024; 4:15:09 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-33997

Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation.

Published: May 31, 2024; 4:15:09 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36374

In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible

Published: May 29, 2024; 10:15:24 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36373

In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible

Published: May 29, 2024; 10:15:24 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36372

In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible

Published: May 29, 2024; 10:15:24 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36371

In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible

Published: May 29, 2024; 10:15:24 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36370

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible

Published: May 29, 2024; 10:15:24 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36369

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was possible

Published: May 29, 2024; 10:15:23 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36368

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was possible

Published: May 29, 2024; 10:15:23 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36367

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was possible

Published: May 29, 2024; 10:15:23 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36366

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations

Published: May 29, 2024; 10:15:23 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36363

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were possible

Published: May 29, 2024; 10:15:22 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-25977

The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim's browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victim's account being taken over.

Published: May 29, 2024; 9:15:49 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-25976

When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim's browser. This is due to a fault in the file login.php where the content of "$_SERVER['PHP_SELF']" is reflected into the HTML of the website. Hence the attacker does not need a valid account in order to exploit this issue.

Published: May 29, 2024; 9:15:49 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-27313

Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. This vulnerability is applicable only in the version 6610.

Published: May 29, 2024; 7:16:02 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-5415

A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/backup.php, 'comments' and 'db' parameters. This vulnerabilities could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their session details.

Published: May 28, 2024; 9:15:11 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-5414

A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/get_file.php, 'view' parameter. This vulnerabilities could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their session details.

Published: May 28, 2024; 9:15:11 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-5413

A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/scheduled.php, all parameters. This vulnerabilities could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their session details.

Published: May 28, 2024; 9:15:11 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)