U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 11,842 matching records.
Displaying matches 181 through 200.
Vuln ID Summary CVSS Severity
CVE-2025-52707

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FirelightWP Firelight Lightbox allows Stored XSS. This issue affects Firelight Lightbox: from n/a through 2.3.16.

Published: June 20, 2025; 11:15:31 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50051

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chad Butler WP-Members allows Stored XSS.This issue affects WP-Members: from n/a through 3.5.4.

Published: June 20, 2025; 11:15:31 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50050

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Interactive AG Jobs for WordPress allows Stored XSS. This issue affects Jobs for WordPress: from n/a through 2.7.12.

Published: June 20, 2025; 11:15:31 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50049

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prismtechstudios Modern Footnotes allows Stored XSS. This issue affects Modern Footnotes: from n/a through 1.4.19.

Published: June 20, 2025; 11:15:31 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50048

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atakan Au Automatically Hierarchic Categories in Menu allows Stored XSS. This issue affects Automatically Hierarchic Categories in Menu: from n/a through 2.0.9.

Published: June 20, 2025; 11:15:31 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50047

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Sitekit allows Stored XSS. This issue affects Sitekit: from n/a through 1.9.

Published: June 20, 2025; 11:15:31 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50046

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP WPComplete allows Stored XSS. This issue affects WPComplete: from n/a through 2.9.5.

Published: June 20, 2025; 11:15:31 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50045

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProWCPlugins Related Products Manager for WooCommerce allows DOM-Based XSS. This issue affects Related Products Manager for WooCommerce: from n/a through 1.6.2.

Published: June 20, 2025; 11:15:30 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50043

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Code Engine allows Stored XSS. This issue affects Code Engine: from n/a through 0.3.2.

Published: June 20, 2025; 11:15:30 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50042

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com WP Register Profile With Shortcode allows Stored XSS. This issue affects WP Register Profile With Shortcode: from n/a through 3.6.1.

Published: June 20, 2025; 11:15:30 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50041

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Engine Gutenberg Blocks – ACF Blocks Suite allows Stored XSS. This issue affects Gutenberg Blocks – ACF Blocks Suite: from n/a through 2.6.11.

Published: June 20, 2025; 11:15:30 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50038

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anantaddons Anant Addons for Elementor allows Stored XSS. This issue affects Anant Addons for Elementor: from n/a through 1.2.0.

Published: June 20, 2025; 11:15:30 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50037

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Buying Buddy Buying Buddy IDX CRM allows DOM-Based XSS. This issue affects Buying Buddy IDX CRM: from n/a through 2.3.0.

Published: June 20, 2025; 11:15:29 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50035

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyrilG Fyrebox Quizzes allows Stored XSS. This issue affects Fyrebox Quizzes: from n/a through 3.0.

Published: June 20, 2025; 11:15:29 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50033

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sparkle Themes Fitness Park allows DOM-Based XSS. This issue affects Fitness Park: from n/a through 1.1.1.

Published: June 20, 2025; 11:15:29 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50030

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sparkle Themes Spark Multipurpose allows DOM-Based XSS. This issue affects Spark Multipurpose: from n/a through 1.0.7.

Published: June 20, 2025; 11:15:29 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50027

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xootix Login/Signup Popup allows Stored XSS. This issue affects Login/Signup Popup: from n/a through 2.9.4.

Published: June 20, 2025; 11:15:29 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spoki Spoki allows Stored XSS. This issue affects Spoki: from n/a through 2.16.0.

Published: June 20, 2025; 11:15:28 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Polls allows Stored XSS. This issue affects CP Polls: from n/a through 1.0.81.

Published: June 20, 2025; 11:15:28 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-50024

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Truong Thanh ATP Call Now allows Stored XSS. This issue affects ATP Call Now: from n/a through 1.0.3.

Published: June 20, 2025; 11:15:28 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)