U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search Last 3 Months
There are 815 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2024-35640

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tomas Cordero Safety Exit allows Stored XSS.This issue affects Safety Exit: from n/a through 1.7.0.

Published: June 03, 2024; 4:15:09 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-35643

Cross Site Scripting (XSS) vulnerability in Xabier Miranda WP Back Button allows Stored XSS.This issue affects WP Back Button: from n/a through 1.1.3.

Published: June 03, 2024; 3:15:09 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-35642

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bryan Hadaway Site Favicon allows Stored XSS.This issue affects Site Favicon: from n/a through 0.2.

Published: June 03, 2024; 3:15:09 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-35641

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GregRoss Just Writing Statistics allows Stored XSS.This issue affects Just Writing Statistics: from n/a through 4.5.

Published: June 03, 2024; 3:15:09 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-37031

The Active Admin (aka activeadmin) framework before 3.2.2 for Ruby on Rails allows stored XSS in certain situations where users can create entities (to be later edited in forms) with arbitrary names, aka a "dynamic form legends" issue. 4.0.0.beta7 is also a fixed version.

Published: June 03, 2024; 2:15:10 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-35647

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Global Notification Bar allows Stored XSS.This issue affects Global Notification Bar: from n/a through 1.0.1.

Published: June 01, 2024; 8:15:38 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-35646

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Smartarget Smartarget Message Bar allows Stored XSS.This issue affects Smartarget Message Bar: from n/a through 1.3.

Published: June 01, 2024; 8:15:38 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-35645

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vinoth06 Random Banner allows Stored XSS.This issue affects Random Banner: from n/a through 4.2.8.

Published: June 01, 2024; 8:15:37 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-34000

ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk.

Published: May 31, 2024; 4:15:10 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-33998

Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some features.

Published: May 31, 2024; 4:15:09 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-33997

Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation.

Published: May 31, 2024; 4:15:09 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36374

In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible

Published: May 29, 2024; 10:15:24 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36373

In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible

Published: May 29, 2024; 10:15:24 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36372

In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible

Published: May 29, 2024; 10:15:24 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36371

In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible

Published: May 29, 2024; 10:15:24 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36370

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible

Published: May 29, 2024; 10:15:24 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36369

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was possible

Published: May 29, 2024; 10:15:23 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36368

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was possible

Published: May 29, 2024; 10:15:23 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36367

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was possible

Published: May 29, 2024; 10:15:23 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36366

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations

Published: May 29, 2024; 10:15:23 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)