U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 21,824 matching records.
Displaying matches 201 through 220.
Vuln ID Summary CVSS Severity
CVE-2023-23732

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Disqus Conditional Load plugin <= 11.0.6 versions.

Published: May 09, 2023; 7:15:09 AM -0400
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2023-23793

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eightweb Interactive Read More Without Refresh plugin <= 3.1 versions.

Published: May 09, 2023; 6:15:10 AM -0400
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2023-23664

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ConvertBox ConvertBox Auto Embed WordPress plugin <= 1.0.19 versions.

Published: May 09, 2023; 6:15:10 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-41640

Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Rymera Web Co Wholesale Suite plugin <= 2.1.5 versions.

Published: May 09, 2023; 6:15:10 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-23863

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Black and White Digital Ltd TreePress – Easy Family Trees & Ancestor Profiles plugin <= 2.0.22 versions.

Published: May 09, 2023; 4:15:08 AM -0400
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2023-30742

SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user's session. The information from the victim's session could then be modified or read by the attacker.

Published: May 08, 2023; 10:15:12 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-29188

SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.

Published: May 08, 2023; 9:15:08 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-22710

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in chilidevs Return and Warranty Management System for WooCommerce plugin <= 1.2.3 versions.

Published: May 08, 2023; 7:15:09 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-24376

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico Graff WP Simple Events plugin <= 1.0 versions.

Published: May 08, 2023; 6:15:09 PM -0400
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2023-23894

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Surbma Surbma | GDPR Proof Cookie Consent & Notice Bar plugin <= 17.5.3 versions.

Published: May 08, 2023; 6:15:09 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-31183

Cybonet PineApp Mail Secure A reflected cross-site scripting (XSS) vulnerability was identified in the product, using an unspecified endpoint.

Published: May 08, 2023; 5:15:12 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-31180

WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - Reflected cross-site scripting (RXSS) through an unspecified request.

Published: May 08, 2023; 5:15:12 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-30334

AsmBB v2.9.1 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the MiniMag.asm and bbcode.asm libraries.

Published: May 08, 2023; 5:15:11 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-2582

A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting (XSS) in affected applications and sites built with Strikingly. The vulnerability exists because of Strikingly JavaScript library parsing the URL fragment allows access to the __proto__ or constructor properties and the Object prototype. By leveraging an embedded gadget like jQuery, an attacker who convinces a victim to visit a specially crafted link could achieve arbitrary javascript execution in the context of the user's browser.

Published: May 08, 2023; 5:15:11 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-28493

Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes NewsMag theme <= 2.4.4 versions.

Published: May 08, 2023; 11:15:10 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-24408

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.4 versions.

Published: May 08, 2023; 11:15:10 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-47439

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rocket Apps Open Graphite plugin <= 1.6.0 versions.

Published: May 08, 2023; 11:15:09 AM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-47437

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Branko Borilovic WSB Brands plugin <= 1.1.8 versions.

Published: May 08, 2023; 11:15:09 AM -0400
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2022-45065

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Squirrly SEO Plugin by Squirrly SEO plugin <= 12.1.20 versions.

Published: May 08, 2023; 11:15:09 AM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-1660

The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard

Published: May 08, 2023; 10:15:13 AM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)