U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 11,031 matching records.
Displaying matches 301 through 320.
Vuln ID Summary CVSS Severity
CVE-2025-31874

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay WebberZone Snippetz allows Stored XSS. This issue affects WebberZone Snippetz: from n/a through 2.1.0.

Published: April 01, 2025; 11:16:29 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-31873

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sheetdb SheetDB allows Stored XSS. This issue affects SheetDB: from n/a through 1.3.3.

Published: April 01, 2025; 11:16:29 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-31869

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS. This issue affects Black Widgets For Elementor: from n/a through 1.3.9.

Published: April 01, 2025; 11:16:29 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-31864

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Out the Box Beam me up Scotty – Back to Top Button allows Stored XSS. This issue affects Beam me up Scotty – Back to Top Button: from n/a through 1.0.23.

Published: April 01, 2025; 11:16:28 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-31861

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPOrbit Support Perfect Font Awesome Integration allows Stored XSS. This issue affects Perfect Font Awesome Integration: from n/a through 2.2.

Published: April 01, 2025; 11:16:27 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-31860

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter allows Stored XSS. This issue affects WP AdCenter: from n/a through 2.5.9.

Published: April 01, 2025; 11:16:27 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-31857

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Directorist AddonsKit for Elementor allows Stored XSS. This issue affects Directorist AddonsKit for Elementor: from n/a through 1.1.6.

Published: April 01, 2025; 11:16:27 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-31855

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softnwords SMM API allows Stored XSS. This issue affects SMM API: from n/a through 6.0.27.

Published: April 01, 2025; 11:16:26 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-31853

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Erez Hadas-Sonnenschein Smartarget Popup allows Stored XSS. This issue affects Smartarget Popup: from n/a through 1.4.

Published: April 01, 2025; 11:16:26 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-31851

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in markkinchin Beds24 Online Booking allows Stored XSS. This issue affects Beds24 Online Booking: from n/a through 2.0.26.

Published: April 01, 2025; 11:16:26 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-31850

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RedefiningTheWeb PDF Generator Addon for Elementor Page Builder allows Stored XSS. This issue affects PDF Generator Addon for Elementor Page Builder: from n/a through 1.7.5.

Published: April 01, 2025; 11:16:26 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-31849

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fbtemplates Nemesis All-in-One allows Stored XSS. This issue affects Nemesis All-in-One: from n/a through 1.1.0.

Published: April 01, 2025; 11:16:25 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-31847

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themelooks mFolio Lite allows DOM-Based XSS. This issue affects mFolio Lite: from n/a through 1.2.2.

Published: April 01, 2025; 11:16:25 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-31844

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Blocks allows Stored XSS. This issue affects Magical Blocks: from n/a through 1.0.10.

Published: April 01, 2025; 11:16:25 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-31838

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eventbee Eventbee RSVP Widget allows DOM-Based XSS. This issue affects Eventbee RSVP Widget: from n/a through 1.0.

Published: April 01, 2025; 11:16:24 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-31837

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Codeus WP Proposals allows Stored XSS. This issue affects WP Proposals: from n/a through 2.3.

Published: April 01, 2025; 11:16:24 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-31835

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brice Capobianco WP Plugin Info Card allows DOM-Based XSS. This issue affects WP Plugin Info Card: from n/a through 5.2.5.

Published: April 01, 2025; 11:16:23 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-31829

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devscred ShopCred allows DOM-Based XSS. This issue affects ShopCred: from n/a through 1.2.8.

Published: April 01, 2025; 11:16:23 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-31823

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpoperations WPoperation Elementor Addons allows Stored XSS. This issue affects WPoperation Elementor Addons: from n/a through 1.1.9.

Published: April 01, 2025; 11:16:22 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-31818

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ContentBot.ai ContentBot AI Writer allows Stored XSS. This issue affects ContentBot AI Writer: from n/a through 1.2.4.

Published: April 01, 2025; 11:16:21 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)