) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): xss
- Search Type: Search All
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2025-50018 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tealium Tealium allows Stored XSS. This issue affects Tealium: from n/a through 2.1.17. Published: June 20, 2025; 11:15:27 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50017 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt WP Voting Contest allows Stored XSS. This issue affects WP Voting Contest: from n/a through 5.8. Published: June 20, 2025; 11:15:27 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50016 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brijeshk89 IP Based Login allows Stored XSS. This issue affects IP Based Login: from n/a through 2.4.2. Published: June 20, 2025; 11:15:27 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50015 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rodrigo Bastos Hand Talk allows Stored XSS. This issue affects Hand Talk: from n/a through 6.0. Published: June 20, 2025; 11:15:27 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50014 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iamapinan PDPA Consent for Thailand allows Stored XSS. This issue affects PDPA Consent for Thailand: from n/a through 1.1.1. Published: June 20, 2025; 11:15:27 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50013 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Judge CSV Importer Improved allows Stored XSS. This issue affects CSV Importer Improved: from n/a through 0.6.1. Published: June 20, 2025; 11:15:26 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50012 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fridaysystems Inventory Presser allows Stored XSS. This issue affects Inventory Presser: from n/a through 15.0.0. Published: June 20, 2025; 11:15:26 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50011 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Félix Martínez Recipes manager - WPH allows Stored XSS. This issue affects Recipes manager - WPH: from n/a through 1.0.4. Published: June 20, 2025; 11:15:26 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-49873 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NasaTheme Elessi allows Reflected XSS. This issue affects Elessi: from n/a through 6.3.9. Published: June 20, 2025; 11:15:20 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-50183 |
OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in <script> tags may be interpreted and executed as HTML in certain modes. This leads to a stored XSS vulnerability. This issue has been patched in version 4.0.0-rc.4. Published: June 18, 2025; 11:15:25 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-49882 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emraan Cheema CubeWP Framework allows DOM-Based XSS. This issue affects CubeWP Framework: from n/a through 1.1.23. Published: June 17, 2025; 11:15:52 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-49881 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows Stored XSS. This issue affects Responsive Blocks: from n/a through 2.0.5. Published: June 17, 2025; 11:15:52 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-49878 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts allows DOM-Based XSS. This issue affects WPAdverts: from n/a through 2.2.4. Published: June 17, 2025; 11:15:52 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-49875 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IfSo Dynamic Content If-So Dynamic Content Personalization allows Stored XSS. This issue affects If-So Dynamic Content Personalization: from n/a through 1.9.3.1. Published: June 17, 2025; 11:15:52 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-49871 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Mutende Noptin allows Stored XSS. This issue affects Noptin: from n/a through 3.8.7. Published: June 17, 2025; 11:15:51 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-49863 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Codeus Advanced Sermons allows Stored XSS. This issue affects Advanced Sermons: from n/a through 3.6. Published: June 17, 2025; 11:15:51 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-49862 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in motov.net Ebook Store allows Stored XSS. This issue affects Ebook Store: from n/a through 5.8008. Published: June 17, 2025; 11:15:50 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-49861 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timur Kamaev Kama Click Counter allows Stored XSS. This issue affects Kama Click Counter: from n/a through 4.0.3. Published: June 17, 2025; 11:15:50 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-49859 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in etruel WP Views Counter allows Stored XSS. This issue affects WP Views Counter: from n/a through 2.0.3. Published: June 17, 2025; 11:15:50 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-49858 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes allows Stored XSS. This issue affects Arconix Shortcodes: from n/a through 2.1.17. Published: June 17, 2025; 11:15:50 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |