U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 11,605 matching records.
Displaying matches 421 through 440.
Vuln ID Summary CVSS Severity
CVE-2025-46233

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sirv CDN and Image Hosting Sirv allows Stored XSS. This issue affects Sirv: from n/a through 7.5.3.

Published: April 22, 2025; 6:15:16 AM -0400
V4.0:(not available)
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2025-46229

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Israpil Textmetrics allows Stored XSS. This issue affects Textmetrics: from n/a through 3.6.2.

Published: April 22, 2025; 6:15:15 AM -0400
V4.0:(not available)
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2025-46228

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post allows DOM-Based XSS. This issue affects Event post: from n/a through 5.9.11.

Published: April 22, 2025; 6:15:15 AM -0400
V4.0:(not available)
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2025-46227

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brecht Custom Related Posts allows Stored XSS. This issue affects Custom Related Posts: from n/a through 1.7.4.

Published: April 22, 2025; 6:15:15 AM -0400
V4.0:(not available)
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2025-46226

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ferranfg MPL-Publisher allows Stored XSS. This issue affects MPL-Publisher: from n/a through 2.18.0.

Published: April 22, 2025; 6:15:15 AM -0400
V4.0:(not available)
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2025-46225

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Post in page for Elementor allows DOM-Based XSS. This issue affects Post in page for Elementor: from n/a through 1.0.1.

Published: April 22, 2025; 6:15:14 AM -0400
V4.0:(not available)
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2024-12863

Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system.

Published: April 21, 2025; 11:15:58 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-3840

An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA based connect installer component which is deployed for installation purposes in a customer network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. An actor can manipulate the action parameter of the login form to inject malicious scripts which would lead to a XSS attack under certain conditions.

Published: April 21, 2025; 6:15:15 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2020-36844

The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL.

Published: April 20, 2025; 6:15:28 PM -0400
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2025-43954

QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via headers even when when no-html is set.

Published: April 20, 2025; 3:15:43 PM -0400
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2025-39469

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pantherius Modal Survey allows Reflected XSS.This issue affects Modal Survey: from n/a through 2.0.2.0.1.

Published: April 18, 2025; 1:15:33 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-39594

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Arigato Autoresponder and Newsletter allows Reflected XSS. This issue affects Arigato Autoresponder and Newsletter: from n/a through 2.7.2.4.

Published: April 17, 2025; 12:15:59 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-39567

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free allows Reflected XSS. This issue affects Web Directory Free: from n/a through 1.7.8.

Published: April 17, 2025; 12:15:58 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-39562

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Payment Form for PayPal Pro allows Stored XSS. This issue affects Payment Form for PayPal Pro: from n/a through 1.1.72.

Published: April 17, 2025; 12:15:57 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-39558

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks allows Reflected XSS. This issue affects CRM Perks: from n/a through 1.1.7.

Published: April 17, 2025; 12:15:57 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-39521

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani Contact Form vCard Generator allows Reflected XSS. This issue affects Contact Form vCard Generator: from n/a through 2.4.

Published: April 17, 2025; 12:15:56 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-39519

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rtpHarry Bulk Page Stub Creator allows Reflected XSS. This issue affects Bulk Page Stub Creator: from n/a through 1.1.

Published: April 17, 2025; 12:15:56 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-39464

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rtowebsites AdminQuickbar allows Reflected XSS. This issue affects AdminQuickbar: from n/a through 1.9.1.

Published: April 17, 2025; 12:15:56 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-39455

Cross-Site Request Forgery (CSRF) vulnerability in ip2location IP2Location Variables allows Reflected XSS. This issue affects IP2Location Variables: from n/a through 2.9.5.

Published: April 17, 2025; 12:15:55 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-39444

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maxfoundry MaxButtons allows Stored XSS.This issue affects MaxButtons: from n/a through 9.8.3.

Published: April 17, 2025; 12:15:55 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)