U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 6,881 matching records.
Displaying matches 481 through 500.
Vuln ID Summary CVSS Severity
CVE-2023-49149

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Currency Converter Calculator allows Stored XSS.This issue affects Currency Converter Calculator: from n/a through 1.3.1.

Published: December 14, 2023; 12:15:09 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-48780

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnigmaWeb WP Catalogue allows Stored XSS.This issue affects WP Catalogue: from n/a through 1.7.6.

Published: December 14, 2023; 12:15:08 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-48771

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno "Aesqe" Babic File Gallery allows Reflected XSS.This issue affects File Gallery: from n/a through 1.8.5.4.

Published: December 14, 2023; 12:15:08 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-48770

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nima Saberi Aparat allows Stored XSS.This issue affects Aparat: from n/a through 1.7.1.

Published: December 14, 2023; 12:15:08 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-48767

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raghu Goriya MyTube PlayList allows Reflected XSS.This issue affects MyTube PlayList: from n/a through 2.0.3.

Published: December 14, 2023; 12:15:08 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-48756

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor allows Reflected XSS.This issue affects JetBlocks For Elementor: from n/a through 1.3.8.

Published: December 14, 2023; 12:15:08 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-6367

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within Roles.   If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.

Published: December 14, 2023; 11:15:53 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-6366

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within Alert Center.   If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.

Published: December 14, 2023; 11:15:53 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-6365

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within a device group.   If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.

Published: December 14, 2023; 11:15:53 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-6364

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified.  It is possible for an attacker to craft a XSS payload and store that value within a dashboard component.   If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.

Published: December 14, 2023; 11:15:52 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-49841

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress allows Stored XSS.This issue affects Optin Forms – Simple List Building Plugin for WordPress: from n/a through 1.3.3.

Published: December 14, 2023; 11:15:52 AM -0500
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2023-49820

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc allows Stored XSS.This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.5.3.

Published: December 14, 2023; 11:15:52 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-49813

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Stored XSS.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.

Published: December 14, 2023; 11:15:52 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-49771

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Raschendorfer Smart External Link Click Monitor [Link Log] allows Reflected XSS.This issue affects Smart External Link Click Monitor [Link Log]: from n/a through 5.0.2.

Published: December 14, 2023; 11:15:51 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-49770

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Raschendorfer Smart External Link Click Monitor [Link Log] allows Stored XSS.This issue affects Smart External Link Click Monitor [Link Log]: from n/a through 5.0.2.

Published: December 14, 2023; 11:15:51 AM -0500
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2023-49766

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 allows Stored XSS.This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.2.0.

Published: December 14, 2023; 11:15:51 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-49195

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages allows Stored XSS.This issue affects Nested Pages: from n/a through 3.2.6.

Published: December 14, 2023; 11:15:51 AM -0500
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2023-49173

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10to8 Sign In Scheduling Online Appointment Booking System allows Stored XSS.This issue affects Sign In Scheduling Online Appointment Booking System: from n/a through 1.0.9.

Published: December 14, 2023; 11:15:51 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-49172

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BrainCert BrainCert – HTML5 Virtual Classroom allows Reflected XSS.This issue affects BrainCert – HTML5 Virtual Classroom: from n/a through 1.30.

Published: December 14, 2023; 11:15:50 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-49171

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TheInnovs Innovs HR – Complete Human Resource Management System for Your Business allows Reflected XSS.This issue affects Innovs HR – Complete Human Resource Management System for Your Business: from n/a through 1.0.3.4.

Published: December 14, 2023; 11:15:50 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)