CVE List by Type: XSS (Filtered by Published Year)

Explore CVEs related to XSS vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.

Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.

You're viewing XSS CVEs published in 2022. View full CVE list

Showing 120 of 3296 results
«« First « Prev Page 1 / 165 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2014-125027 A vulnerability has been found in Yuna Scatari TBDev up to 2.1.17 and classified as problematic. Affected by this vulnerability is the function get_user_icons of the file usersearch.php. The manipulation of the argument n/r/r2/em/ip/co/ma/d/d2/ul/ul2/ls/ls2/dl/dl2 leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.1.18 is able to address this issue. The patch is named 0ba3fd4be29dd48fa4455c236a9403b3149a4fd4. It is recommended to upgrade the affected compo 3.5 0.52% 2022-12-31 2026-06-16
CVE-2017-20159 A vulnerability was found in rf Keynote up to 0.x on Rails. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/keynote/rumble.rb. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as 05be4356b0a6ca7de48da926a9b997beb5ffeb4a. It is recommended to upgrade the affected component. VDB-217142 is the identifier as 3.5 0.68% 2022-12-31 2026-06-16
CVE-2017-20158 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in vova07 Yii2 FileAPI Widget up to 0.1.8. It has been declared as problematic. Affected by this vulnerability is the function run of the file actions/UploadAction.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.1.9 is able to address this issue. The identifier of the patch is c00d1e4fc912257fca1fce66d7a163bdbb4c8222. It is recommended to upgrade the aff 3.5 0.54% 2022-12-31 2026-06-16
CVE-2022-4866 Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. 9.0 0.99% 2022-12-31 2026-06-17
CVE-2022-4865 Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. 9.0 0.99% 2022-12-31 2026-06-17
CVE-2017-20155 A vulnerability was found in Sterc Google Analytics Dashboard for MODX up to 1.0.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file core/components/analyticsdashboardwidget/elements/tpl/widget.analytics.tpl of the component Internal Search. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.6 is able to address this issue. The identifier of the patch is 855d9560d3782c105568eedf9 3.5 0.61% 2022-12-30 2026-06-16
CVE-2022-4859 A vulnerability, which was classified as problematic, has been found in Joget up to 7.0.33. This issue affects the function submitForm of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UserProfileMenu.java of the component User Profile Menu. The manipulation of the argument firstName/lastName leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.34 is able to address this issue. The patch is named 9a77f508a2bf8cf661d588f37a4cc29ecaea4fc8. It 3.5 0.50% 2022-12-30 2026-06-17
CVE-2020-36638 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been rated as problematic. This issue affects some unknown processing of the file resources/core/adminserv.php. The manipulation of the argument error leads to cross site scripting. The attack may be initiated remotely. The patch is named 9a45087814295de6fb3a3fe38f96293665234da1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217043. NOTE: This vu 3.5 0.54% 2022-12-30 2026-06-16
CVE-2020-36637 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been declared as problematic. This vulnerability affects unknown code of the file resources/core/adminserv.php. The manipulation of the argument text leads to cross site scripting. The attack can be initiated remotely. The patch is identified as 3ed17dab3b4d6e8bf1c82ddfbf882314365e9cd7. It is recommended to apply a patch to fix this issue. VDB-217042 is the identifier assigned to this vulnerability. NOTE: Th 3.5 0.54% 2022-12-30 2026-06-16
CVE-2017-20153 A vulnerability has been found in aerouk imageserve and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument REQUEST_URI leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2ac3cd4f90b4df66874fab171376ca26868604c4. It is recommended to ap 2.6 0.60% 2022-12-30 2026-06-16
CVE-2022-30519 XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field. 6.1 2.53% 2022-12-29 2026-06-17
CVE-2022-38210 There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser. 6.1 0.49% 2022-12-29 2026-06-17
CVE-2022-38209 There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser. 6.1 0.49% 2022-12-29 2026-06-17
CVE-2022-38207 There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked which could execute arbitrary JavaScript code in the victim’s browser. 6.1 0.49% 2022-12-29 2026-06-17
CVE-2022-38206 There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser. 6.1 0.50% 2022-12-29 2026-06-17
CVE-2022-38204 There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. 6.1 0.50% 2022-12-29 2026-06-17
CVE-2022-46181 Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts **if** another user opened a link. The attacker could potentially take over the account of the user that clicked the link. The Gotify UI won't natively expose such a malicious link, so an attacker has to get the user to open the malicious link in a c 6.1 0.50% 2022-12-29 2026-06-17
CVE-2022-4841 Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. 5.4 0.60% 2022-12-29 2026-06-17
CVE-2022-4840 Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. 5.4 0.65% 2022-12-29 2026-06-17
CVE-2022-4839 Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. 5.4 0.77% 2022-12-29 2026-06-17
«« First « Prev Page 1 / 165 Next »
cvelogic Threat Intelligence