U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 21,901 matching records.
Displaying matches 261 through 280.
Vuln ID Summary CVSS Severity
CVE-2023-31802

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters.

Published: May 09, 2023; 12:15:14 PM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2023-31801

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter.

Published: May 09, 2023; 12:15:14 PM -0400 		V3.1: 6.1 MEDIUM
 V2.0:(not available)
CVE-2023-31800

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter.

Published: May 09, 2023; 12:15:14 PM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2023-31799

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system annnouncements parameter.

Published: May 09, 2023; 12:15:14 PM -0400 		V3.1: 4.8 MEDIUM
 V2.0:(not available)
CVE-2023-23647

Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Team Member – Team with Slider plugin <= 4.4 versions.

Published: May 09, 2023; 9:15:16 AM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2022-46864

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Umair Saleem Woocommerce Custom Checkout Fields Editor With Drag & Drop plugin <= 0.1 versions.

Published: May 09, 2023; 9:15:16 AM -0400 		V3.1: 6.1 MEDIUM
 V2.0:(not available)
CVE-2022-46858

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Amin A.Rezapour Product Specifications for Woocommerce plugin <= 0.6.0 versions.

Published: May 09, 2023; 9:15:16 AM -0400 		V3.1: 6.1 MEDIUM
 V2.0:(not available)
CVE-2022-46844

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PixelGrade PixFields plugin <= 0.7.0 versions.

Published: May 09, 2023; 9:15:16 AM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2022-46822

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in JC Development Team WooCommerce JazzCash Gateway Plugin plugin <= 2.0 versions.

Published: May 09, 2023; 9:15:16 AM -0400 		V3.1: 6.1 MEDIUM
 V2.0:(not available)
CVE-2023-24372

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in USB Memory Direct Simple Custom Author Profiles plugin <= 1.0.0 versions.

Published: May 09, 2023; 7:15:09 AM -0400 		V3.1: 4.8 MEDIUM
 V2.0:(not available)
CVE-2023-23884

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin <= 2.5.20 versions.

Published: May 09, 2023; 7:15:09 AM -0400 		V3.1: 4.8 MEDIUM
 V2.0:(not available)
CVE-2023-23883

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Gwyer WP Content Filter plugin <= 3.0.1 versions.

Published: May 09, 2023; 7:15:09 AM -0400 		V3.1: 4.8 MEDIUM
 V2.0:(not available)
CVE-2023-23862

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical scroll recent post plugin <= 14.0 versions.

Published: May 09, 2023; 7:15:09 AM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2023-23734

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Voswinkel Userlike – WordPress Live Chat plugin <= 2.2 versions.

Published: May 09, 2023; 7:15:09 AM -0400 		V3.1: 4.8 MEDIUM
 V2.0:(not available)
CVE-2023-23733

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Lazy Social Comments plugin <= 2.0.4 versions.

Published: May 09, 2023; 7:15:09 AM -0400 		V3.1: 4.8 MEDIUM
 V2.0:(not available)
CVE-2023-23732

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Disqus Conditional Load plugin <= 11.0.6 versions.

Published: May 09, 2023; 7:15:09 AM -0400 		V3.1: 4.8 MEDIUM
 V2.0:(not available)
CVE-2023-23793

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eightweb Interactive Read More Without Refresh plugin <= 3.1 versions.

Published: May 09, 2023; 6:15:10 AM -0400 		V3.1: 4.8 MEDIUM
 V2.0:(not available)
CVE-2023-23664

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ConvertBox ConvertBox Auto Embed WordPress plugin <= 1.0.19 versions.

Published: May 09, 2023; 6:15:10 AM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2022-41640

Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Rymera Web Co Wholesale Suite plugin <= 2.1.5 versions.

Published: May 09, 2023; 6:15:10 AM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2023-23863

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Black and White Digital Ltd TreePress – Easy Family Trees & Ancestor Profiles plugin <= 2.0.22 versions.

Published: May 09, 2023; 4:15:08 AM -0400 		V3.1: 4.8 MEDIUM
 V2.0:(not available)