Medium
CVE-2023-41249
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step
Tag: Reflected XSS
All CVEs associated with "Reflected XSS". Page 18/23 • 2754 CVEs.
Subscribe CVEs: RSS for “Reflected XSS” · RSS (High+Critical only)
About “Reflected XSS”
A curated feed of “Reflected XSS”-related CVEs appears below. We currently track 2754 CVEs for this tag (all time). In the last 365 days, 598 were published. Average CVSS is 6.7 (all time; 6.9 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2023-08-25
2023-08-23
Medium
CVE-2023-41098
An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit.
2023-08-14
Medium
CVE-2023-40312
Multiple reflected XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that an attacker can modify to cr…
2023-08-10
Medium
CVE-2023-38333
Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.
2023-08-08
Medium
CVE-2023-3652
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Reflected XSS. This issue affects E-Commerce Software: be…
2023-08-03
High
CVE-2023-4136
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affe…
2023-08-02
Medium
CVE-2023-3500
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A r…
2023-08-01
Medium
CVE-2023-23548
Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30.
2023-07-31
Medium
CVE-2023-3134
The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS at…
Medium
CVE-2023-0602
The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XS…
2023-07-25
Medium
CVE-2023-39175
In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible
2023-07-13
Medium
CVE-2023-29457
Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request t…
Medium
CVE-2023-29455
Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which se…
2023-07-12
Medium
CVE-2023-38066
In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads
2023-07-10
Medium
CVE-2023-2853
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Softmed SelfPatron allows Reflected XSS. This issue affects SelfPatron : before 2.0.
High
CVE-2021-42080
An attacker is able to launch a Reflected XSS attack using a crafted URL. POC: Visit the following URL https://<IPADDRESS>:8153/qstorapi/echo?inputMessage=<img%20src=x%20onerror=alert(document.cook…
2023-07-05
Medium
CVE-2023-34244
GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected…
2023-06-28
Medium
CVE-2023-3034
Reflected XSS affects the ‘mode’ parameter in the /admin functionality of the web application in versions <=2.0.44
2023-06-13
Medium
CVE-2023-34537
A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.
2023-06-07
Medium
CVE-2023-2015
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2.…
2023-05-31
Medium
CVE-2023-34226
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible
2023-05-23
High
CVE-2023-30469
Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component) allows Reflected XSS.This issue affects Hitachi Ops Center Analyzer: from 10.9.1-…
2023-05-15
Medium
CVE-2023-31145
Collabora Online is a collaborative online office suite based on LibreOffice technology. This vulnerability report describes a reflected XSS vulnerability with full CSP bypass in Nextcloud installati…
2023-05-09
Medium
CVE-2023-25831
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentia…
Medium
CVE-2023-25830
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and before which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potenti…
2023-05-03
High
CVE-2023-25827
Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the br…
2023-04-28
Medium
CVE-2023-28475
Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized.
2023-04-26
Medium
CVE-2012-5873
ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the end_point.php query parameter in an output=htmltab action.
2023-04-21
Medium
CVE-2023-26100
In Progress Flowmon before 12.2.0, an application endpoint failed to sanitize user-supplied input. A threat actor could leverage a reflected XSS vulnerability to execute arbitrary code within the con…
2023-04-17
Medium
CVE-2022-46389
There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This…
2023-04-15
Medium
CVE-2023-27572
An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. A reflected XSS vulnerability was discovered in the https_redirect.php web page via the page paramete…
2023-04-05
Medium
CVE-2022-3513
An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A speci…
Medium
CVE-2023-28639
GLPI is a free asset and IT management software package. Starting in version 0.85 and prior to versions 9.5.13 and 10.0.7, a malicious link can be crafted by an unauthenticated user. It will be able…
2023-04-04
Medium
CVE-2020-36692
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that mus…
2023-04-03
Medium
CVE-2023-1766
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akbim Computer Panon allows Reflected XSS. This issue affects Panon: before 1.0.2.
Medium
CVE-2022-27665
Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handl…
2023-03-31
Medium
CVE-2023-1060
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YKM YKM CRM allows Reflected XSS. This issue affects YKM CRM: before 23.03.30.
2023-03-29
Medium
CVE-2023-26292
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Clou…
Medium
CVE-2023-26291
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Clou…
Medium
CVE-2023-26290
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Clou…
2023-03-27
Medium
CVE-2022-48429
In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible
Medium
CVE-2023-25018
RIFARTEK IOT Wall transportation function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can inject JavaScript to perform reflected XSS (Refle…
Medium
CVE-2023-24839
HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS at…
2023-03-23
Medium
CVE-2023-1051
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in As Koc Energy Web Report System allows Reflected XSS. This issue affects Web Report System: befo…
2023-03-21
Medium
CVE-2023-1154
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pacsrapor allows Reflected XSS. This issue affects Pacsrapor: before 1.22.
2023-03-16
Medium
CVE-2023-27494
Streamlit, software for turning data scripts into web applications, had a cross-site scripting (XSS) vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit app(s) were vulnerable…
2023-03-15
Medium
CVE-2023-0322
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS. This issue affects UNIS: before 28376.
2023-02-27
Medium
CVE-2022-45137
The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality a…
2023-02-21
Medium
CVE-2023-22984
A Vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL.
2023-02-15
High
CVE-2023-23467
Media CP Media Control Panel latest version. Reflected XSS possible through unspecified endpoint.
2023-01-26
Medium
CVE-2022-47052
The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' is vulnerable to a CRLF Injection attack that can be leveraged to perform Reflected XSS and HTML Injection. A malicious unauthenti…
Critical
CVE-2022-3572
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnera…
2023-01-24
Medium
CVE-2022-4554
B2B Customer Ordering System developed by ID Software Project and Consultancy Services before version 1.0.0.347 has an authenticated Reflected XSS vulnerability. This has been fixed in the version 1.…
2023-01-04
Medium
CVE-2022-45051
A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The module parameter on the Service.template.cls endpoint does not prope…
Medium
CVE-2022-45049
A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The url parameter on the novelist.php endpoint does not properly neutral…
2022-12-29
Medium
CVE-2022-38209
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could execute…
Medium
CVE-2022-38207
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked which…
Medium
CVE-2022-38206
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked could…
Medium
CVE-2022-38204
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potent…
2022-12-28
High
CVE-2022-23544
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Sid…
2022-12-12
Medium
CVE-2022-46906
Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in th…
Medium
CVE-2022-46905
Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in…
2022-12-01
Medium
CVE-2022-45050
A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The title parameter on the twitter.php endpoint does not properly neutra…
2022-11-17
Medium
CVE-2022-39181
GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). Type 1: Reflected XSS (or Non-Persistent) - The server reads data directly from the HTTP request and reflects it back in the HTTP…
2022-11-14
Medium
CVE-2022-43968
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.…
Medium
CVE-2022-43967
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report due to un-sanitized output. Remediate by updating to Concrete CMS…
Medium
CVE-2022-43694
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output.
Medium
CVE-2022-43692
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS - user can cause an administrator to trigger reflected XSS with a url if the targeted adminis…
2022-11-08
Medium
CVE-2022-27914
An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media.
2022-10-27
Medium
CVE-2021-45476
Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability.
2022-10-25
Medium
CVE-2022-27913
An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components.
2022-10-12
Medium
CVE-2022-41350
In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the v…
Medium
CVE-2022-41349
In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machin…
Medium
CVE-2022-42715
A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution.
2022-09-29
Medium
CVE-2022-1719
Reflected XSS on ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability is capable of executing a malicious javascript code in web page
2022-09-28
Medium
CVE-2022-28816
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service.
2022-09-22
Medium
CVE-2022-2266
University Library Automation System developed by Yordam Bilgi Teknolojileri before version 19.2 has an unauthenticated Reflected XSS vulnerability. This has been fixed in the version 19.2
2022-09-19
Medium
CVE-2022-40714
An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /oms1350/* endpoints.
Medium
CVE-2022-40712
An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2* endpoints.
2022-08-25
High
CVE-2022-37318
Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contain a reflected XSS vulnerability. A remote unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a v…
2022-08-23
Medium
CVE-2022-38463
ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality.
2022-08-19
Medium
CVE-2022-35554
Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side.
2022-08-16
Medium
CVE-2020-14320
In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk.
2022-08-15
Medium
CVE-2022-38188
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute a…
Medium
CVE-2022-38186
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially…
2022-08-12
Medium
CVE-2022-37044
In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing…
2022-07-25
Medium
CVE-2022-35653
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the vi…
Medium
CVE-2022-2514
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.
2022-07-20
Medium
CVE-2022-29923
Cross-site Scripting (XSS) vulnerability in ThingsForRestaurants Quick Restaurant Reservations (WordPress plugin) allows Reflected XSS.This issue affects Quick Restaurant Reservations (WordPress plug…
2022-07-07
Medium
CVE-2021-44791
In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks.
2022-07-06
Medium
CVE-2021-31676
A reflected XSS was discovered in PESCMS-V2.3.3. When combined with CSRF in the same file, they can cause bigger destruction.
2022-06-23
Medium
CVE-2022-34328
PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php.
2022-06-22
Medium
CVE-2022-23081
In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Reflected XSS.
2022-06-13
Medium
CVE-2022-1756
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers au…
2022-06-09
Medium
CVE-2022-2035
A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. The…
2022-06-02
Medium
CVE-2022-26978
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameters is not correctly sanitized, leadi…
Medium
CVE-2022-26976
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism is leads…
Medium
CVE-2022-26974
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflect…
Medium
CVE-2022-26972
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflecte…
2022-05-20
High
CVE-2022-29876
A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not properly handle the input of a GET request parameter. The provided argument is directly reflected in the…
2022-05-12
Medium
CVE-2022-29927
In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible
Medium
CVE-2022-1682
Reflected Xss using url based payload in GitHub repository neorazorx/facturascripts prior to 2022.07. Xss can use to steal user's cookies which lead to Account takeover or do any malicious activity i…
2022-05-06
High
CVE-2022-27183
The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app inclu…
2022-05-04
Medium
CVE-2022-1584
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim
2022-04-28
Low
CVE-2022-29817
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible
2022-04-22
Medium
CVE-2022-1439
Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working,…
2022-04-21
Medium
CVE-2022-29548
A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and…
2022-04-04
Medium
CVE-2022-1164
The Wyzi Theme was affected by reflected XSS vulnerabilities in the business search feature
2022-03-30
Medium
CVE-2022-26951
Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim applic…
Medium
CVE-2022-26947
Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application…
2022-03-28
Medium
CVE-2022-26980
Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO.
2022-03-25
Medium
CVE-2021-40906
CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backd…
Medium
CVE-2021-46426
phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.
2022-03-13
Medium
CVE-2021-45889
An issue was discovered in PONTON X/P Messenger before 3.11.2. Several functions are vulnerable to reflected XSS, as demonstrated by private/index.jsp?partners/ShowNonLocalPartners.do?localID= or pri…
2022-03-11
Medium
CVE-2021-32478
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier u…
2022-03-09
Medium
CVE-2022-24349
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and ca…
Medium
CVE-2022-22511
Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential infor…
2022-02-25
Medium
CVE-2022-25261
JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.
Medium
CVE-2022-25259
JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS.
Medium
CVE-2022-24338
JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.