U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 11,473 matching records.
Displaying matches 261 through 280.
Vuln ID Summary CVSS Severity
CVE-2025-46451

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Floating Social Bar allows Stored XSS. This issue affects Floating Social Bar: from n/a through 1.1.7.

Published: April 24, 2025; 12:15:36 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46450

Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan allows Stored XSS. This issue affects occupancyplan: from n/a through 1.0.3.0.

Published: April 24, 2025; 12:15:36 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46449

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Novium WoWHead Tooltips allows Stored XSS. This issue affects WoWHead Tooltips: from n/a through 2.0.1.

Published: April 24, 2025; 12:15:35 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46447

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFable Fable Extra allows DOM-Based XSS. This issue affects Fable Extra: from n/a through 1.0.6.

Published: April 24, 2025; 12:15:35 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46445

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pReya External Markdown allows Stored XSS. This issue affects External Markdown: from n/a through 0.0.1.

Published: April 24, 2025; 12:15:35 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46442

Cross-Site Request Forgery (CSRF) vulnerability in Casey Johnson Loan Calculator allows Stored XSS. This issue affects Loan Calculator: from n/a through 1.3.

Published: April 24, 2025; 12:15:35 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46438

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in warmwhisky GTDB Guitar Tuners allows Stored XSS. This issue affects GTDB Guitar Tuners: from n/a through 4.2.2.

Published: April 24, 2025; 12:15:34 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46435

Cross-Site Request Forgery (CSRF) vulnerability in Yash Binani Time Based Greeting allows Stored XSS. This issue affects Time Based Greeting: from n/a through 2.2.2.

Published: April 24, 2025; 12:15:34 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46261

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting allows Stored XSS. This issue affects Seriously Simple Podcasting: from n/a through 3.9.0.

Published: April 24, 2025; 12:15:34 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46260

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wowDevs Sky Addons for Elementor allows Stored XSS. This issue affects Sky Addons for Elementor: from n/a through 3.0.1.

Published: April 24, 2025; 12:15:34 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46234

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Habibur Rahman Razib Control Listings allows Reflected XSS. This issue affects Control Listings: from n/a through 1.0.4.1.

Published: April 24, 2025; 12:15:33 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-39408

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EverPress BruteGuard – Brute Force Login Protection allows Reflected XSS. This issue affects BruteGuard – Brute Force Login Protection: from n/a through 0.1.4.

Published: April 24, 2025; 12:15:33 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-39400

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration allows Reflected XSS. This issue affects User Registration: from n/a through n/a.

Published: April 24, 2025; 12:15:32 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-39397

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in [email protected] Anything Popup allows Reflected XSS. This issue affects Anything Popup: from n/a through 7.3.

Published: April 24, 2025; 12:15:32 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-39382

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danielpataki ACF: Google Font Selector allows Reflected XSS. This issue affects ACF: Google Font Selector: from n/a through 3.0.1.

Published: April 24, 2025; 12:15:31 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-39381

Cross-Site Request Forgery (CSRF) vulnerability in Kiotviet KiotViet Sync allows Stored XSS. This issue affects KiotViet Sync: from n/a through 1.8.4.

Published: April 24, 2025; 12:15:31 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-2703

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.

Published: April 23, 2025; 8:15:16 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-43952

A cross-site scripting (reflected XSS) vulnerability was found in Mettler Toledo FreeWeight.Net Web Reports Viewer 8.4.0 (440). It allows an attacker to inject malicious scripts via the IW_SessionID_ parameter.

Published: April 22, 2025; 2:16:01 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-23175

Multiple XSS (CWE-79)

Published: April 22, 2025; 9:15:42 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46254

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through 45.10.0.

Published: April 22, 2025; 6:15:20 AM -0400
V4.0:(not available)
V3.1: 5.4 MEDIUM
V2.0:(not available)