Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 11,369 matching records.
Displaying matches 401 through 420.
Vuln ID Summary CVSS Severity
CVE-2025-2160

Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup.

Published: April 14, 2025; 11:15:24 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-49708

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Stored XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling in a form designed for setting the delivery address with a malicious script, which causes the script to run in the user's context. This vulnerability has been patched in version 79.0.

Published: April 14, 2025; 8:15:15 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-49707

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling in a form designed for resetting the user's password with a malicious script, which causes the script to run in the user's context. This vulnerability has been patched in version 79.0.

Published: April 14, 2025; 8:15:15 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-13598

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. Using the functionality for creating new form fields, one creates new parameters vulnerable to XSS attacks. A user tricked into filling in such a form with a malicious script will run the code in their own context. This vulnerability has been patched in version 79.0.

Published: April 14, 2025; 8:15:14 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-13597

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling in a form sent to the login panel at /softcom/ with a malicious script, which causes the script to run in the user's context. This vulnerability has been patched in version 79.0.

Published: April 14, 2025; 8:15:14 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-10090

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling in a form designed for adding users with a malicious script, which causes the script to run in the user's context. This vulnerability has been patched in version 79.0.

Published: April 14, 2025; 8:15:14 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-10089

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Stored XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling in a form designed for changing the user's data with a malicious script, which causes the script to run in the user's context. This vulnerability has been patched in version 79.0.

Published: April 14, 2025; 8:15:14 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-10088

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling in a login form with a malicious script, which causes the script to run in the user's context. This vulnerability has been patched in version 79.0.

Published: April 14, 2025; 8:15:14 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-10087

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might craft a link containing a malicious script, which then gets directly embedded in references to other resources, which causes the script to run in the user's context multiple times. This vulnerability has been patched in version 79.0.

Published: April 14, 2025; 8:15:13 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-27009

Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro allows Stored XSS. This issue affects My auctions allegro: from n/a through 3.6.20.

Published: April 14, 2025; 7:15:15 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32632

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders Automatic Ban IP allows Reflected XSS. This issue affects Automatic Ban IP: from n/a through 1.0.7.

Published: April 11, 2025; 5:15:33 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32601

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in twispay Twispay Credit Card Payments allows Reflected XSS. This issue affects Twispay Credit Card Payments: from n/a through 2.1.2.

Published: April 11, 2025; 5:15:31 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32600

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tournamatch Tournamatch allows Reflected XSS. This issue affects Tournamatch: from n/a through 4.6.1.

Published: April 11, 2025; 5:15:31 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32599

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in miunosoft Task Scheduler allows Reflected XSS. This issue affects Task Scheduler: from n/a through 1.6.3.

Published: April 11, 2025; 5:15:31 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32598

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder allows Reflected XSS. This issue affects WP Table Builder: from n/a through 2.0.4.

Published: April 11, 2025; 5:15:30 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32586

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ABA Bank ABA PayWay Payment Gateway for WooCommerce allows Reflected XSS. This issue affects ABA PayWay Payment Gateway for WooCommerce: from n/a through 2.1.3.

Published: April 11, 2025; 5:15:29 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32553

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress allows Reflected XSS. This issue affects RestroPress: from n/a through 3.1.8.4.

Published: April 11, 2025; 5:15:27 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32551

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jaap Jansma Connector to CiviCRM with CiviMcRestFace allows Reflected XSS. This issue affects Connector to CiviCRM with CiviMcRestFace: from n/a through 1.0.8.

Published: April 11, 2025; 5:15:27 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32541

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in infosoftplugin WooCommerce Sales MIS Report allows Reflected XSS. This issue affects WooCommerce Sales MIS Report: from n/a through 4.0.3.

Published: April 11, 2025; 5:15:26 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32539

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Kohlbach WooCommerce – Store Exporter allows Reflected XSS. This issue affects WooCommerce – Store Exporter: from n/a through 2.7.4.

Published: April 11, 2025; 5:15:26 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)