U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 11,369 matching records.
Displaying matches 241 through 260.
Vuln ID Summary CVSS Severity
CVE-2025-32609

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Picture-Planet GmbH Verowa Connect allows Reflected XSS. This issue affects Verowa Connect: from n/a through 3.0.4.

Published: April 17, 2025; 12:15:46 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32608

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Movylo Movylo Marketing Automation allows Reflected XSS. This issue affects Movylo Marketing Automation: from n/a through 2.0.7.

Published: April 17, 2025; 12:15:46 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32606

Cross-Site Request Forgery (CSRF) vulnerability in Deepak Khokhar Listings for Buildium allows Stored XSS. This issue affects Listings for Buildium: from n/a through 0.1.4.

Published: April 17, 2025; 12:15:46 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32605

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in expresstechsoftware MemberPress Discord Addon allows Reflected XSS. This issue affects MemberPress Discord Addon: from n/a through 1.1.1.

Published: April 17, 2025; 12:15:46 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32604

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sajjad Aslani AWSA Shipping allows Reflected XSS. This issue affects AWSA Shipping: from n/a through 1.3.0.

Published: April 17, 2025; 12:15:46 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32602

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aiiddqd WooMS allows Reflected XSS. This issue affects WooMS: from n/a through 9.12.

Published: April 17, 2025; 12:15:45 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32592

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn – WordPress Posts Table Filterable allows Stored XSS. This issue affects TableOn – WordPress Posts Table Filterable: from n/a through 1.0.3.

Published: April 17, 2025; 12:15:45 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32590

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tzin111 Web2application allows Reflected XSS. This issue affects Web2application: from n/a through 5.6.

Published: April 17, 2025; 12:15:45 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32588

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Credova Financial Credova_Financial allows Reflected XSS. This issue affects Credova_Financial: from n/a through 2.4.8.

Published: April 17, 2025; 12:15:45 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32582

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EXEIdeas International WP AutoKeyword allows Stored XSS. This issue affects WP AutoKeyword: from n/a through 1.0.

Published: April 17, 2025; 12:15:44 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32578

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mapro Collins Coming Soon Countdown allows Reflected XSS. This issue affects Coming Soon Countdown: from n/a through 2.2.

Published: April 17, 2025; 12:15:44 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32566

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashraful Sarkar Naiem License For Envato allows Reflected XSS. This issue affects License For Envato: from n/a through 1.0.0.

Published: April 17, 2025; 12:15:44 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32564

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tomroyal Stop Registration Spam allows Reflected XSS. This issue affects Stop Registration Spam: from n/a through 1.24.

Published: April 17, 2025; 12:15:44 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32562

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com WP Easy Poll allows Reflected XSS. This issue affects WP Easy Poll: from n/a through 2.2.9.

Published: April 17, 2025; 12:15:43 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32561

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in plugins.club WP_DEBUG Toggle allows Reflected XSS. This issue affects WP_DEBUG Toggle: from n/a through 1.1.

Published: April 17, 2025; 12:15:43 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32560

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mohammad I. Okfie WP-Hijri allows Reflected XSS. This issue affects WP-Hijri: from n/a through 1.5.3.

Published: April 17, 2025; 12:15:43 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32557

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rico Macchi WP Featured Screenshot allows Reflected XSS. This issue affects WP Featured Screenshot: from n/a through 1.3.

Published: April 17, 2025; 12:15:43 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32554

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raptive Raptive Ads allows Reflected XSS. This issue affects Raptive Ads: from n/a through 3.7.3.

Published: April 17, 2025; 12:15:43 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32552

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory MSRP (RRP) Pricing for WooCommerce allows Reflected XSS. This issue affects MSRP (RRP) Pricing for WooCommerce: from n/a through 1.8.1.

Published: April 17, 2025; 12:15:43 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32548

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in borisolhor Hamburger Icon Menu Lite allows Reflected XSS. This issue affects Hamburger Icon Menu Lite: from n/a through 1.0.

Published: April 17, 2025; 12:15:43 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)