U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 11,608 matching records.
Displaying matches 281 through 300.
Vuln ID Summary CVSS Severity
CVE-2025-47595

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darshan Saroya Color Your Bar allows Stored XSS. This issue affects Color Your Bar: from n/a through 2.0.

Published: May 07, 2025; 11:16:13 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-47593

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonas Hjalmarsson Really Simple Under Construction Page allows Stored XSS. This issue affects Really Simple Under Construction Page: from n/a through 1.4.6.

Published: May 07, 2025; 11:16:12 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-47592

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lehel Mátyus Legal Terms and Conditions Popup for User Login and WooCommerce Checkout – TPUL allows Stored XSS. This issue affects Legal Terms and Conditions Popup for User Login and WooCommerce Checkout – TPUL: from n/a through 2.0.3.

Published: May 07, 2025; 11:16:12 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-47589

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in motov.net Ebook Store allows DOM-Based XSS. This issue affects Ebook Store: from n/a through 5.8007.

Published: May 07, 2025; 11:16:12 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-47547

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SendPulse SendPulse Email Marketing Newsletter allows Stored XSS. This issue affects SendPulse Email Marketing Newsletter: from n/a through 2.1.6.

Published: May 07, 2025; 11:16:11 AM -0400
V4.0:(not available)
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2025-47525

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 5.3.0.

Published: May 07, 2025; 11:16:09 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-47524

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in karim42 Quran multilanguage Text & Audio allows Stored XSS. This issue affects Quran multilanguage Text & Audio: from n/a through 2.3.23.

Published: May 07, 2025; 11:16:09 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-47522

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AWEOS GmbH AWEOS WP Lock allows Stored XSS. This issue affects AWEOS WP Lock: from n/a through 1.4.8.

Published: May 07, 2025; 11:16:09 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-47521

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robosoft Robo Gallery allows Stored XSS. This issue affects Robo Gallery: from n/a through 5.0.2.

Published: May 07, 2025; 11:16:09 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-47520

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Charitable allows Stored XSS. This issue affects Charitable: from n/a through 1.8.5.1.

Published: May 07, 2025; 11:16:09 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-47518

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on allows Stored XSS. This issue affects Contact Form 7 – PayPal & Stripe Add-on: from n/a through 2.3.4.

Published: May 07, 2025; 11:16:08 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-47517

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Accept Donations with PayPal allows Stored XSS. This issue affects Accept Donations with PayPal: from n/a through 1.4.5.

Published: May 07, 2025; 11:16:08 AM -0400
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2025-47516

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Time Clock allows Stored XSS. This issue affects Time Clock: from n/a through 1.2.3.

Published: May 07, 2025; 11:16:08 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-47515

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seb WP DPE-GES allows DOM-Based XSS. This issue affects WP DPE-GES: from n/a through 1.6.

Published: May 07, 2025; 11:16:06 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-47514

Cross-Site Request Forgery (CSRF) vulnerability in Eli ELI's Related Posts Footer Links and Widget allows Stored XSS. This issue affects ELI's Related Posts Footer Links and Widget: from n/a through 1.2.04.20.

Published: May 07, 2025; 11:16:06 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-47509

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Top 10 allows Stored XSS. This issue affects Top 10: from n/a through 4.1.0.

Published: May 07, 2025; 11:16:06 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-47507

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Better Search allows DOM-Based XSS. This issue affects Better Search: from n/a through 4.1.0.

Published: May 07, 2025; 11:16:05 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-47506

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Contextual Related Posts allows DOM-Based XSS. This issue affects Contextual Related Posts: from n/a through 4.0.2.

Published: May 07, 2025; 11:16:05 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-47505

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProWCPlugins Product Time Countdown for WooCommerce allows Stored XSS. This issue affects Product Time Countdown for WooCommerce: from n/a through 1.6.2.

Published: May 07, 2025; 11:16:05 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-47504

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Custom Checkout Fields for WooCommerce allows Stored XSS. This issue affects Custom Checkout Fields for WooCommerce: from n/a through 1.8.3.

Published: May 07, 2025; 11:16:05 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)