Search Results (Refine Search)
- Keyword (text search): xss
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-29927 |
In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible Published: May 12, 2022; 5:15:14 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2022-1682 |
Reflected Xss using url based payload in GitHub repository neorazorx/facturascripts prior to 2022.07. Xss can use to steal user's cookies which lead to Account takeover or do any malicious activity in victim's browser Published: May 12, 2022; 5:15:13 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2022-23137 |
ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker could modify the parameters in the content clearing request url, and when a user clicks the url, an XSS attack will be triggered. Published: May 11, 2022; 12:15:08 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2022-1433 |
An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS vulnerability (CVE-2022-1175) to persist and execute. Published: May 11, 2022; 11:15:09 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-43081 |
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests. Published: May 11, 2022; 11:15:08 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-43712 |
Stored XSS in Add New Employee Form in Sourcecodester Employee Daily Task Management System 1.0 Allows Remote Attacker to Inject/Store Arbitrary Code via the Name Field. Published: May 09, 2022; 5:15:07 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2022-29420 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock (WordPress plugin) countdown-builder allows Stored XSS.This issue affects Countdown & Clock (WordPress plugin): from n/a through 2.3.2. Published: May 06, 2022; 1:15:09 PM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2022-28545 |
FUDforum 3.1.1 is vulnerable to Stored XSS. Published: May 06, 2022; 1:15:09 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2022-27183 |
The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted. Published: May 06, 2022; 1:15:08 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2022-26889 |
In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim's browser (e.g., phishing). Published: May 06, 2022; 1:15:08 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 5.1 MEDIUM |
CVE-2021-25268 |
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA. Published: May 05, 2022; 2:15:09 PM -0400 |
V4.0:(not available) V3.1: 8.4 HIGH V2.0: 6.0 MEDIUM |
CVE-2021-25267 |
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA. Published: May 05, 2022; 2:15:09 PM -0400 |
V4.0:(not available) V3.1: 8.4 HIGH V2.0: 8.5 HIGH |
CVE-2022-1464 |
Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account . Published: May 05, 2022; 10:15:08 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2022-1575 |
Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app. Published: May 05, 2022; 8:15:07 AM -0400 |
V4.0:(not available) V3.1: 9.6 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2022-1592 |
Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss... Published: May 05, 2022; 7:15:08 AM -0400 |
V4.0:(not available) V3.1: 8.2 HIGH V2.0: 6.4 MEDIUM |
CVE-2022-1584 |
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim Published: May 04, 2022; 2:15:08 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2022-28508 |
An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. Published: May 04, 2022; 10:15:09 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2022-1555 |
DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie... Published: May 04, 2022; 5:15:08 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2022-28599 |
A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack. Published: May 03, 2022; 2:15:08 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2022-28588 |
In SpringBootMovie <=1.2 when adding movie names, malicious code can be stored because there are no filtering parameters, resulting in stored XSS. Published: May 03, 2022; 2:15:08 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |