U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 11,473 matching records.
Displaying matches 261 through 280.
Vuln ID Summary CVSS Severity
CVE-2025-46451

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Floating Social Bar allows Stored XSS. This issue affects Floating Social Bar: from n/a through 1.1.7.

Published: April 24, 2025; 12:15:36 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0:(not available)
CVE-2025-46450

Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan allows Stored XSS. This issue affects occupancyplan: from n/a through 1.0.3.0.

Published: April 24, 2025; 12:15:36 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0:(not available)
CVE-2025-46449

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Novium WoWHead Tooltips allows Stored XSS. This issue affects WoWHead Tooltips: from n/a through 2.0.1.

Published: April 24, 2025; 12:15:35 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0:(not available)
CVE-2025-46447

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFable Fable Extra allows DOM-Based XSS. This issue affects Fable Extra: from n/a through 1.0.6.

Published: April 24, 2025; 12:15:35 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0:(not available)
CVE-2025-46445

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pReya External Markdown allows Stored XSS. This issue affects External Markdown: from n/a through 0.0.1.

Published: April 24, 2025; 12:15:35 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0:(not available)
CVE-2025-46442

Cross-Site Request Forgery (CSRF) vulnerability in Casey Johnson Loan Calculator allows Stored XSS. This issue affects Loan Calculator: from n/a through 1.3.

Published: April 24, 2025; 12:15:35 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0:(not available)
CVE-2025-46438

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in warmwhisky GTDB Guitar Tuners allows Stored XSS. This issue affects GTDB Guitar Tuners: from n/a through 4.2.2.

Published: April 24, 2025; 12:15:34 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0:(not available)
CVE-2025-46435

Cross-Site Request Forgery (CSRF) vulnerability in Yash Binani Time Based Greeting allows Stored XSS. This issue affects Time Based Greeting: from n/a through 2.2.2.

Published: April 24, 2025; 12:15:34 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0:(not available)
CVE-2025-46261

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting allows Stored XSS. This issue affects Seriously Simple Podcasting: from n/a through 3.9.0.

Published: April 24, 2025; 12:15:34 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0:(not available)
CVE-2025-46260

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wowDevs Sky Addons for Elementor allows Stored XSS. This issue affects Sky Addons for Elementor: from n/a through 3.0.1.

Published: April 24, 2025; 12:15:34 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0:(not available)
CVE-2025-46234

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Habibur Rahman Razib Control Listings allows Reflected XSS. This issue affects Control Listings: from n/a through 1.0.4.1.

Published: April 24, 2025; 12:15:33 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0:(not available)
CVE-2025-39408

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EverPress BruteGuard – Brute Force Login Protection allows Reflected XSS. This issue affects BruteGuard – Brute Force Login Protection: from n/a through 0.1.4.

Published: April 24, 2025; 12:15:33 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0:(not available)
CVE-2025-39400

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration allows Reflected XSS. This issue affects User Registration: from n/a through n/a.

Published: April 24, 2025; 12:15:32 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0:(not available)
CVE-2025-39397

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in [email protected] Anything Popup allows Reflected XSS. This issue affects Anything Popup: from n/a through 7.3.

Published: April 24, 2025; 12:15:32 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0:(not available)
CVE-2025-39382

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danielpataki ACF: Google Font Selector allows Reflected XSS. This issue affects ACF: Google Font Selector: from n/a through 3.0.1.

Published: April 24, 2025; 12:15:31 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0:(not available)
CVE-2025-39381

Cross-Site Request Forgery (CSRF) vulnerability in Kiotviet KiotViet Sync allows Stored XSS. This issue affects KiotViet Sync: from n/a through 1.8.4.

Published: April 24, 2025; 12:15:31 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0:(not available)
CVE-2025-2703

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.

Published: April 23, 2025; 8:15:16 AM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0:(not available)
CVE-2025-43952

A cross-site scripting (reflected XSS) vulnerability was found in Mettler Toledo FreeWeight.Net Web Reports Viewer 8.4.0 (440). It allows an attacker to inject malicious scripts via the IW_SessionID_ parameter.

Published: April 22, 2025; 2:16:01 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0:(not available)
CVE-2025-23175

Multiple XSS (CWE-79)

Published: April 22, 2025; 9:15:42 AM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0:(not available)
CVE-2025-46254

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through 45.10.0.

Published: April 22, 2025; 6:15:20 AM -0400 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0:(not available)