NVD - Results

Sort results by:

Search Results (Refine Search)

Search Parameters:

Results Type: Overview
Keyword (text search): xss
Search Type: Search All

There are 21,824 matching records.

Displaying matches 201 through 220.

Vuln ID	Summary	CVSS Severity
CVE-2023-23732	Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Disqus Conditional Load plugin <= 11.0.6 versions. Published: May 09, 2023; 7:15:09 AM -0400	V3.1: 4.8 MEDIUM V2.0:(not available)
CVE-2023-23793	Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eightweb Interactive Read More Without Refresh plugin <= 3.1 versions. Published: May 09, 2023; 6:15:10 AM -0400	V3.1: 4.8 MEDIUM V2.0:(not available)
CVE-2023-23664	Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ConvertBox ConvertBox Auto Embed WordPress plugin <= 1.0.19 versions. Published: May 09, 2023; 6:15:10 AM -0400	V3.1: 5.4 MEDIUM V2.0:(not available)
CVE-2022-41640	Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Rymera Web Co Wholesale Suite plugin <= 2.1.5 versions. Published: May 09, 2023; 6:15:10 AM -0400	V3.1: 5.4 MEDIUM V2.0:(not available)
CVE-2023-23863	Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Black and White Digital Ltd TreePress – Easy Family Trees & Ancestor Profiles plugin <= 2.0.22 versions. Published: May 09, 2023; 4:15:08 AM -0400	V3.1: 4.8 MEDIUM V2.0:(not available)
CVE-2023-30742	SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user's session. The information from the victim's session could then be modified or read by the attacker. Published: May 08, 2023; 10:15:12 PM -0400	V3.1: 6.1 MEDIUM V2.0:(not available)
CVE-2023-29188	SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data. Published: May 08, 2023; 9:15:08 PM -0400	V3.1: 5.4 MEDIUM V2.0:(not available)
CVE-2023-22710	Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in chilidevs Return and Warranty Management System for WooCommerce plugin <= 1.2.3 versions. Published: May 08, 2023; 7:15:09 PM -0400	V3.1: 6.1 MEDIUM V2.0:(not available)
CVE-2023-24376	Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico Graff WP Simple Events plugin <= 1.0 versions. Published: May 08, 2023; 6:15:09 PM -0400	V3.1: 4.8 MEDIUM V2.0:(not available)
CVE-2023-23894	Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Surbma Surbma \| GDPR Proof Cookie Consent & Notice Bar plugin <= 17.5.3 versions. Published: May 08, 2023; 6:15:09 PM -0400	V3.1: 5.4 MEDIUM V2.0:(not available)
CVE-2023-31183	Cybonet PineApp Mail Secure A reflected cross-site scripting (XSS) vulnerability was identified in the product, using an unspecified endpoint. Published: May 08, 2023; 5:15:12 PM -0400	V3.1: 6.1 MEDIUM V2.0:(not available)
CVE-2023-31180	WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - Reflected cross-site scripting (RXSS) through an unspecified request. Published: May 08, 2023; 5:15:12 PM -0400	V3.1: 6.1 MEDIUM V2.0:(not available)
CVE-2023-30334	AsmBB v2.9.1 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the MiniMag.asm and bbcode.asm libraries. Published: May 08, 2023; 5:15:11 PM -0400	V3.1: 6.1 MEDIUM V2.0:(not available)
CVE-2023-2582	A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting (XSS) in affected applications and sites built with Strikingly. The vulnerability exists because of Strikingly JavaScript library parsing the URL fragment allows access to the __proto__ or constructor properties and the Object prototype. By leveraging an embedded gadget like jQuery, an attacker who convinces a victim to visit a specially crafted link could achieve arbitrary javascript execution in the context of the user's browser. Published: May 08, 2023; 5:15:11 PM -0400	V3.1: 6.1 MEDIUM V2.0:(not available)
CVE-2023-28493	Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes NewsMag theme <= 2.4.4 versions. Published: May 08, 2023; 11:15:10 AM -0400	V3.1: 5.4 MEDIUM V2.0:(not available)
CVE-2023-24408	Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.4 versions. Published: May 08, 2023; 11:15:10 AM -0400	V3.1: 5.4 MEDIUM V2.0:(not available)
CVE-2022-47439	Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rocket Apps Open Graphite plugin <= 1.6.0 versions. Published: May 08, 2023; 11:15:09 AM -0400	V3.1: 6.1 MEDIUM V2.0:(not available)
CVE-2022-47437	Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Branko Borilovic WSB Brands plugin <= 1.1.8 versions. Published: May 08, 2023; 11:15:09 AM -0400	V3.1: 4.8 MEDIUM V2.0:(not available)
CVE-2022-45065	Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Squirrly SEO Plugin by Squirrly SEO plugin <= 12.1.20 versions. Published: May 08, 2023; 11:15:09 AM -0400	V3.1: 6.1 MEDIUM V2.0:(not available)
CVE-2023-1660	The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard Published: May 08, 2023; 10:15:13 AM -0400	V3.1: 6.1 MEDIUM V2.0:(not available)