U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 11,797 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2025-50018

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tealium Tealium allows Stored XSS. This issue affects Tealium: from n/a through 2.1.17.

Published: June 20, 2025; 11:15:27 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50017

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt WP Voting Contest allows Stored XSS. This issue affects WP Voting Contest: from n/a through 5.8.

Published: June 20, 2025; 11:15:27 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50016

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brijeshk89 IP Based Login allows Stored XSS. This issue affects IP Based Login: from n/a through 2.4.2.

Published: June 20, 2025; 11:15:27 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50015

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rodrigo Bastos Hand Talk allows Stored XSS. This issue affects Hand Talk: from n/a through 6.0.

Published: June 20, 2025; 11:15:27 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50014

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iamapinan PDPA Consent for Thailand allows Stored XSS. This issue affects PDPA Consent for Thailand: from n/a through 1.1.1.

Published: June 20, 2025; 11:15:27 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50013

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Judge CSV Importer Improved allows Stored XSS. This issue affects CSV Importer Improved: from n/a through 0.6.1.

Published: June 20, 2025; 11:15:26 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50012

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fridaysystems Inventory Presser allows Stored XSS. This issue affects Inventory Presser: from n/a through 15.0.0.

Published: June 20, 2025; 11:15:26 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50011

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Félix Martínez Recipes manager - WPH allows Stored XSS. This issue affects Recipes manager - WPH: from n/a through 1.0.4.

Published: June 20, 2025; 11:15:26 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-49873

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NasaTheme Elessi allows Reflected XSS. This issue affects Elessi: from n/a through 6.3.9.

Published: June 20, 2025; 11:15:20 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50183

OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in <script> tags may be interpreted and executed as HTML in certain modes. This leads to a stored XSS vulnerability. This issue has been patched in version 4.0.0-rc.4.

Published: June 18, 2025; 11:15:25 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-49882

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emraan Cheema CubeWP Framework allows DOM-Based XSS. This issue affects CubeWP Framework: from n/a through 1.1.23.

Published: June 17, 2025; 11:15:52 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-49881

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows Stored XSS. This issue affects Responsive Blocks: from n/a through 2.0.5.

Published: June 17, 2025; 11:15:52 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-49878

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts allows DOM-Based XSS. This issue affects WPAdverts: from n/a through 2.2.4.

Published: June 17, 2025; 11:15:52 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-49875

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IfSo Dynamic Content If-So Dynamic Content Personalization allows Stored XSS. This issue affects If-So Dynamic Content Personalization: from n/a through 1.9.3.1.

Published: June 17, 2025; 11:15:52 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-49871

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Mutende Noptin allows Stored XSS. This issue affects Noptin: from n/a through 3.8.7.

Published: June 17, 2025; 11:15:51 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-49863

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Codeus Advanced Sermons allows Stored XSS. This issue affects Advanced Sermons: from n/a through 3.6.

Published: June 17, 2025; 11:15:51 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-49862

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in motov.net Ebook Store allows Stored XSS. This issue affects Ebook Store: from n/a through 5.8008.

Published: June 17, 2025; 11:15:50 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-49861

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timur Kamaev Kama Click Counter allows Stored XSS. This issue affects Kama Click Counter: from n/a through 4.0.3.

Published: June 17, 2025; 11:15:50 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-49859

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in etruel WP Views Counter allows Stored XSS. This issue affects WP Views Counter: from n/a through 2.0.3.

Published: June 17, 2025; 11:15:50 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-49858

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes allows Stored XSS. This issue affects Arconix Shortcodes: from n/a through 2.1.17.

Published: June 17, 2025; 11:15:50 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)