U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 6,881 matching records.
Displaying matches 381 through 400.
Vuln ID Summary CVSS Severity
CVE-2023-49182

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fabio Marzocca List all posts by Authors, nested Categories and Titles allows Reflected XSS.This issue affects List all posts by Authors, nested Categories and Titles: from n/a through 2.7.10.

Published: December 15, 2023; 10:15:09 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-49181

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Event Manager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce allows Stored XSS.This issue affects WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce: from n/a through 3.1.40.

Published: December 15, 2023; 10:15:09 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-49180

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ternstyle LLC Automatic Youtube Video Posts Plugin allows Stored XSS.This issue affects Automatic Youtube Video Posts Plugin: from n/a through 5.2.2.

Published: December 15, 2023; 10:15:09 AM -0500
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2023-49179

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N.O.U.S. Open Useful and Simple Event post allows Stored XSS.This issue affects Event post: from n/a through 5.8.6.

Published: December 15, 2023; 10:15:09 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-49178

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mr. Hdwplayer HDW Player Plugin (Video Player & Video Gallery) allows Reflected XSS.This issue affects HDW Player Plugin (Video Player & Video Gallery): from n/a through 5.0.

Published: December 15, 2023; 10:15:08 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-49177

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gilles Dumas which template file allows Reflected XSS.This issue affects which template file: from n/a through 4.9.0.

Published: December 15, 2023; 10:15:08 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-49176

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution WP Pocket URLs allows Reflected XSS.This issue affects WP Pocket URLs: from n/a through 1.0.2.

Published: December 15, 2023; 10:15:08 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-49175

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kreativo Pro KP Fastest Tawk.To Chat allows Stored XSS.This issue affects KP Fastest Tawk.To Chat: from n/a through 1.1.1.

Published: December 15, 2023; 10:15:08 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-49174

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS.This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5.

Published: December 15, 2023; 10:15:08 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-49170

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captainform Forms by CaptainForm – Form Builder for WordPress allows Reflected XSS.This issue affects Forms by CaptainForm – Form Builder for WordPress: from n/a through 2.5.3.

Published: December 15, 2023; 10:15:07 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-49169

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in datafeedr.Com Ads by datafeedr.Com allows Stored XSS.This issue affects Ads by datafeedr.Com: from n/a through 1.2.0.

Published: December 15, 2023; 10:15:07 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-49165

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Real Big Plugins Client Dash allows Stored XSS.This issue affects Client Dash: from n/a through 2.2.1.

Published: December 15, 2023; 9:15:15 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-49160

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in formzu Inc. Formzu WP allows Stored XSS.This issue affects Formzu WP: from n/a through 1.6.6.

Published: December 15, 2023; 9:15:15 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-48765

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Till Krüss Email Address Encoder allows Stored XSS.This issue affects Email Address Encoder: from n/a through 1.0.22.

Published: December 15, 2023; 9:15:14 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-48618

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Published: December 15, 2023; 6:15:46 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-48617

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Published: December 15, 2023; 6:15:46 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-48614

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Published: December 15, 2023; 6:15:45 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-48612

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Published: December 15, 2023; 6:15:45 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-48611

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Published: December 15, 2023; 6:15:44 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-48610

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Published: December 15, 2023; 6:15:44 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)