U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 7,655 matching records.
Displaying matches 321 through 340.
Vuln ID Summary CVSS Severity
CVE-2024-32950

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeBAAT WP Media Category Management allows Reflected XSS.This issue affects WP Media Category Management: from n/a through 2.2.

Published: April 24, 2024; 5:15:08 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-32834

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce Shipping Label allows Stored XSS.This issue affects WooCommerce Shipping Label: from n/a through 2.3.8.

Published: April 24, 2024; 5:15:08 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-32833

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Halsey List Custom Taxonomy Widget allows Stored XSS.This issue affects List Custom Taxonomy Widget: from n/a through 4.1.

Published: April 24, 2024; 5:15:07 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-32815

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Peters All-in-one Like Widget allows Stored XSS.This issue affects All-in-one Like Widget: from n/a through 2.2.7.

Published: April 24, 2024; 5:15:07 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-32801

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin Widget Post Slider allows Stored XSS.This issue affects Widget Post Slider: from n/a through 1.3.5.

Published: April 24, 2024; 5:15:07 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-32791

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.25.

Published: April 24, 2024; 5:15:06 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-32698

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leevio Happy Addons for Elementor allows Stored XSS.This issue affects Happy Addons for Elementor: from n/a through 3.10.4.

Published: April 22, 2024; 4:15:39 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-32697

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HelloAsso allows Stored XSS.This issue affects HelloAsso: from n/a through 1.1.5.

Published: April 22, 2024; 4:15:39 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-32696

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Infographic Maker – iList allows Stored XSS.This issue affects Infographic Maker – iList: from n/a through 4.6.6.

Published: April 22, 2024; 4:15:38 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-32695

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marco Gasi Language Switcher for Transposh allows Reflected XSS.This issue affects Language Switcher for Transposh: from n/a through 1.5.9.

Published: April 22, 2024; 4:15:38 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-32694

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Reflected XSS.This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin: from n/a through 3.62.

Published: April 22, 2024; 4:15:38 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-32690

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood RSS Feed Widget allows Stored XSS.This issue affects RSS Feed Widget: from n/a through 2.9.7.

Published: April 22, 2024; 4:15:37 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-29217

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the website to create such an attack. Users are recommended to upgrade to version [1.3.0], which fixes the issue.

Published: April 21, 2024; 12:15:47 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-29183

OpenRASP is a RASP solution that directly integrates its protection engine into the application server by instrumentation. There exists a reflected XSS in the /login page due to a reflection of the redirect parameter. This allows an attacker to execute arbitrary javascript with the permissions of a user after the user logins with their account.

Published: April 19, 2024; 12:15:10 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-29029

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability.

Published: April 19, 2024; 12:15:09 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-3654

An XSS vulnerability has been found in Teimas Global's Teixo, version 1.42.42-stable. This vulnerability could allow an attacker to send a specially crafted JavaScript payload via the "seconds" parameter in the program's URL, resulting in a possible takeover of a registered user's session.

Published: April 19, 2024; 9:15:13 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-2761

The Genesis Blocks WordPress plugin before 3.1.3 does not properly escape data input provided to some of its blocks, allowing using with at least contributor privileges to conduct Stored XSS attacks.

Published: April 19, 2024; 1:15:49 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-27306

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users can disable `show_index` if unable to upgrade.

Published: April 18, 2024; 11:15:29 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-32553

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in looks_awesome Superfly Menu allows Stored XSS.This issue affects Superfly Menu: from n/a through 5.0.25.

Published: April 18, 2024; 7:15:38 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-32552

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tagbox Taggbox allows Stored XSS.This issue affects Taggbox: from n/a through 3.2.

Published: April 18, 2024; 7:15:38 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)