U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 21,889 matching records.
Displaying matches 221 through 240.
Vuln ID Summary CVSS Severity
CVE-2023-27419

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Viable Blog theme <= 1.1.4 versions.

Published: May 10, 2023; 5:15:13 AM -0400 		V3.1: 6.1 MEDIUM
 V2.0:(not available)
CVE-2023-24406

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb ur Rehman Simple PopUp plugin <= 1.8.6 versions.

Published: May 10, 2023; 5:15:13 AM -0400 		V3.1: 4.8 MEDIUM
 V2.0:(not available)
CVE-2023-23873

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Flector BBSpoiler plugin <= 2.01 versions.

Published: May 10, 2023; 5:15:13 AM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2023-23794

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Moss Semalt Blocker plugin <= 1.1.3 versions.

Published: May 10, 2023; 5:15:12 AM -0400 		V3.1: 4.8 MEDIUM
 V2.0:(not available)
CVE-2023-22696

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Custom4Web Affiliate Links Lite plugin <= 2.5 versions.

Published: May 10, 2023; 5:15:12 AM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2022-32970

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Themify Themify Portfolio Post plugin <= 1.2.4 versions.

Published: May 10, 2023; 5:15:09 AM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2023-28932

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMobile.App WPMobile.App — Android and iOS Mobile Application plugin <= 11.20 versions.

Published: May 10, 2023; 4:15:11 AM -0400 		V3.1: 4.8 MEDIUM
 V2.0:(not available)
CVE-2023-24418

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny carousel horizontal slider plus plugin <= 3.2 versions.

Published: May 10, 2023; 4:15:11 AM -0400 		V3.1: 4.8 MEDIUM
 V2.0:(not available)
CVE-2023-24392

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Full Width Banner Slider Wp plugin <= 1.1.7 versions.

Published: May 10, 2023; 4:15:11 AM -0400 		V3.1: 6.1 MEDIUM
 V2.0:(not available)
CVE-2023-23812

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joost de Valk Enhanced WP Contact Form plugin <= 2.2.3 versions.

Published: May 10, 2023; 4:15:11 AM -0400 		V3.1: 4.8 MEDIUM
 V2.0:(not available)
CVE-2023-23789

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Premmerce Premmerce Redirect Manager plugin <= 1.0.9 versions.

Published: May 10, 2023; 4:15:11 AM -0400 		V3.1: 4.8 MEDIUM
 V2.0:(not available)
CVE-2023-23788

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Florin Arjocu Custom More Link Complete plugin <= 1.4.1 versions.

Published: May 10, 2023; 4:15:11 AM -0400 		V3.1: 4.8 MEDIUM
 V2.0:(not available)
CVE-2023-23786

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Christof Servit affiliate-toolkit plugin <= 3.3.3 versions.

Published: May 10, 2023; 4:15:11 AM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2023-23701

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Andrew @ Geeenville Web Design Easy Sign Up plugin <= 3.4.1 versions.

Published: May 10, 2023; 4:15:10 AM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2023-22711

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Agent Evolution IMPress Listings plugin <= 2.6.2 versions.

Published: May 10, 2023; 4:15:09 AM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2023-30777

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions.

Published: May 10, 2023; 2:15:18 AM -0400 		V3.1: 6.1 MEDIUM
 V2.0:(not available)
CVE-2023-2615

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: May 10, 2023; 2:15:16 AM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2023-2614

Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: May 10, 2023; 2:15:15 AM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2023-2616

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: May 10, 2023; 1:15:11 AM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2023-30057

Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload.

Published: May 09, 2023; 5:15:11 PM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)