Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.
Max CVSS
5.4
EPSS Score
0.08%
Published
2022-08-23
Updated
2023-11-02
ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality.
Max CVSS
6.1
EPSS Score
0.17%
Published
2022-08-23
Updated
2022-08-26
Improper neutralization of input during web page generation leaves the Eyes of Network web application vulnerable to cross-site scripting attacks at /module/admin_notifiers/rules.php and /module/report_event/indext.php via the parameters rule_notification, rule_name, and rule_name_old, and at /module/admin_user/add_modify_user.php via the parameters user_name and user_email.
Max CVSS
6.1
EPSS Score
0.10%
Published
2022-08-15
Updated
2022-08-17
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.
Max CVSS
6.1
EPSS Score
0.07%
Published
2022-08-16
Updated
2022-08-17
There is an HTML injection issue in Esri Portal for ArcGIS versions 10.9.0 and below which may allow a remote, authenticated attacker to inject HTML into some locations in the home application.
Max CVSS
6.1
EPSS Score
0.07%
Published
2022-08-15
Updated
2023-06-27
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.
Max CVSS
6.1
EPSS Score
0.14%
Published
2022-08-15
Updated
2022-08-16
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.
Max CVSS
5.4
EPSS Score
0.07%
Published
2022-08-16
Updated
2022-10-28
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link to potentially execute arbitrary JavaScript code in the victim’s browser.
Max CVSS
7.1
EPSS Score
0.10%
Published
2022-08-15
Updated
2022-08-16
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link to potentially execute arbitrary JavaScript code in the victim’s browser.
Max CVSS
7.1
EPSS Score
0.10%
Published
2022-08-15
Updated
2022-08-16
ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard.
Max CVSS
6.1
EPSS Score
0.07%
Published
2022-08-23
Updated
2022-08-26
Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script.
Max CVSS
5.4
EPSS Score
0.10%
Published
2022-08-24
Updated
2022-08-27
Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script.
Max CVSS
5.4
EPSS Score
0.10%
Published
2022-08-24
Updated
2022-08-29
A reflected cross-site scripting (XSS) vulnerability in the iHistorian Data Display of WorkstationST (<v07.09.15) could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments, rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater.
Max CVSS
6.1
EPSS Score
0.07%
Published
2022-08-25
Updated
2022-08-29
A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. This occurs in the admin portal when the configuration has XSS_PROTECTION_ENABLED=false. NOTE: the vendor disputes this because the current product behavior, in effect, has XSS_PROTECTION_ENABLED=true in all configurations.
Max CVSS
6.1
EPSS Score
0.07%
Published
2022-08-05
Updated
2024-03-21
Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contains a reflected XSS vulnerability. A remote unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases.
Max CVSS
7.0
EPSS Score
0.08%
Published
2022-08-25
Updated
2022-08-29
Archer Platform 6.x before 6.11 P3 contains an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious code in the context of the web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases.
Max CVSS
7.6
EPSS Score
0.07%
Published
2022-08-25
Updated
2022-08-30
DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background -> System -> system function -> configuration management.
Max CVSS
5.4
EPSS Score
0.06%
Published
2022-08-19
Updated
2022-08-22
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist endpoint.
Max CVSS
5.4
EPSS Score
0.06%
Published
2022-08-25
Updated
2022-08-26
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injection via the currentRequest parameter. After login, injecting a malicious tag leads to IFRAME injection.
Max CVSS
5.4
EPSS Score
0.06%
Published
2022-08-25
Updated
2022-08-29
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint.
Max CVSS
5.4
EPSS Score
0.06%
Published
2022-08-25
Updated
2022-08-26
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax endpoint.
Max CVSS
5.4
EPSS Score
0.06%
Published
2022-08-25
Updated
2022-08-26
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpoint.
Max CVSS
5.4
EPSS Score
0.06%
Published
2022-08-25
Updated
2022-08-26
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter.
Max CVSS
5.4
EPSS Score
0.06%
Published
2022-08-25
Updated
2022-08-27
Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list.
Max CVSS
6.1
EPSS Score
0.08%
Published
2022-08-31
Updated
2022-09-06
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain JavaScript code execution by adding arbitrary JavaScript code in the 'Location' field of a calendar event.
Max CVSS
5.4
EPSS Score
0.06%
Published
2022-08-25
Updated
2022-08-27
249 vulnerabilities found