U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 11,370 matching records.
Displaying matches 221 through 240.
Vuln ID Summary CVSS Severity
CVE-2025-39415

Cross-Site Request Forgery (CSRF) vulnerability in Jayesh Parejiya Social Media Links allows Stored XSS. This issue affects Social Media Links: from n/a through 1.0.3.

Published: April 17, 2025; 12:15:51 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-39414

Cross-Site Request Forgery (CSRF) vulnerability in Mike spam-stopper allows Stored XSS. This issue affects spam-stopper: from n/a through 3.1.3.

Published: April 17, 2025; 12:15:51 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32674

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Product Excel Import Export & Bulk Edit for WooCommerce allows Reflected XSS. This issue affects Product Excel Import Export & Bulk Edit for WooCommerce: from n/a through 4.7.

Published: April 17, 2025; 12:15:50 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32670

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Parnell Spark GF Failed Submissions allows Reflected XSS. This issue affects Spark GF Failed Submissions: from n/a through 1.3.5.

Published: April 17, 2025; 12:15:50 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32666

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hive Support Hive Support allows Reflected XSS. This issue affects Hive Support: from n/a through 1.2.2.

Published: April 17, 2025; 12:15:50 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32655

Cross-Site Request Forgery (CSRF) vulnerability in DevriX Restrict User Registration allows Stored XSS. This issue affects Restrict User Registration: from n/a through 1.0.1.

Published: April 17, 2025; 12:15:49 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32653

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lee Blue Cart66 Cloud allows Reflected XSS. This issue affects Cart66 Cloud: from n/a through 2.3.7.

Published: April 17, 2025; 12:15:49 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32651

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in serpednet SERPed.net allows Reflected XSS. This issue affects SERPed.net: from n/a through 4.6.

Published: April 17, 2025; 12:15:49 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32649

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gb-plugins GB Gallery Slideshow allows Reflected XSS. This issue affects GB Gallery Slideshow: from n/a through 1.3.

Published: April 17, 2025; 12:15:49 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32646

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Question Answer allows Reflected XSS. This issue affects Question Answer: from n/a through 1.2.70.

Published: April 17, 2025; 12:15:48 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32639

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wecantrack Affiliate Links Lite allows Reflected XSS. This issue affects Affiliate Links Lite: from n/a through 3.1.0.

Published: April 17, 2025; 12:15:48 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32638

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weptile ShopApper allows Stored XSS. This issue affects ShopApper: from n/a through 0.4.39.

Published: April 17, 2025; 12:15:48 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32637

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ketanajani WP Donate allows Stored XSS. This issue affects WP Donate: from n/a through 2.0.

Published: April 17, 2025; 12:15:48 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32634

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP allows Reflected XSS. This issue affects Run Contests, Raffles, and Giveaways with ContestsWP: from n/a through 2.0.6.

Published: April 17, 2025; 12:15:47 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32630

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory allows Reflected XSS. This issue affects WP-BusinessDirectory: from n/a through 3.1.2.

Published: April 17, 2025; 12:15:47 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32628

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham Crowdfunding for WooCommerce allows Reflected XSS. This issue affects Crowdfunding for WooCommerce: from n/a through 3.1.12.

Published: April 17, 2025; 12:15:47 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32625

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pootlepress Mobile Pages allows Reflected XSS. This issue affects Mobile Pages: from n/a through 1.0.2.

Published: April 17, 2025; 12:15:47 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32622

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTP-less OTP-less one tap Sign in allows Reflected XSS. This issue affects OTP-less one tap Sign in: from n/a through 2.0.58.

Published: April 17, 2025; 12:15:47 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32615

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Clinked Clinked Client Portal allows Reflected XSS. This issue affects Clinked Client Portal: from n/a through 1.10.

Published: April 17, 2025; 12:15:46 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32613

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Debug Log Manager allows Stored XSS. This issue affects Debug Log Manager: from n/a through 2.3.4.

Published: April 17, 2025; 12:15:46 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)