U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 11,607 matching records.
Displaying matches 501 through 520.
Vuln ID Summary CVSS Severity
CVE-2025-32552

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory MSRP (RRP) Pricing for WooCommerce allows Reflected XSS. This issue affects MSRP (RRP) Pricing for WooCommerce: from n/a through 1.8.1.

Published: April 17, 2025; 12:15:43 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32548

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in borisolhor Hamburger Icon Menu Lite allows Reflected XSS. This issue affects Hamburger Icon Menu Lite: from n/a through 1.0.

Published: April 17, 2025; 12:15:43 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32546

Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP allows Reflected XSS. This issue affects All push notification for WP: from n/a through 1.5.3.

Published: April 17, 2025; 12:15:42 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32545

Cross-Site Request Forgery (CSRF) vulnerability in SOFTAGON WooCommerce Products without featured images allows Reflected XSS. This issue affects WooCommerce Products without featured images: from n/a through 0.1.

Published: April 17, 2025; 12:15:42 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32540

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in feedify Feedify – Web Push Notifications allows Reflected XSS. This issue affects Feedify – Web Push Notifications: from n/a through 2.4.5.

Published: April 17, 2025; 12:15:42 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32535

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digireturn DN Shipping by Weight for WooCommerce allows Reflected XSS. This issue affects DN Shipping by Weight for WooCommerce: from n/a through 1.2.

Published: April 17, 2025; 12:15:42 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32533

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matat Technologies Deliver via Shipos for WooCommerce allows Reflected XSS. This issue affects Deliver via Shipos for WooCommerce: from n/a through 2.1.7.

Published: April 17, 2025; 12:15:42 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32532

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pei Yong Goh UXsniff allows Reflected XSS. This issue affects UXsniff: from n/a through 1.2.4.

Published: April 17, 2025; 12:15:42 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32531

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix FAQ allows Reflected XSS. This issue affects Arconix FAQ: from n/a through 1.9.5.

Published: April 17, 2025; 12:15:42 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32530

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Swings Wallet System for WooCommerce allows Reflected XSS. This issue affects Wallet System for WooCommerce: from n/a through 2.6.5.

Published: April 17, 2025; 12:15:41 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32529

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iONE360 iONE360 configurator allows Reflected XSS. This issue affects iONE360 configurator: from n/a through 2.0.56.

Published: April 17, 2025; 12:15:41 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32528

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maximevalette iCal Feeds allows Reflected XSS. This issue affects iCal Feeds: from n/a through 1.5.3.

Published: April 17, 2025; 12:15:41 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32527

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pey22 T&P Gallery Slider allows Stored XSS. This issue affects T&P Gallery Slider: from n/a through 1.2.

Published: April 17, 2025; 12:15:41 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32526

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan James Zephyr Project Manager allows Reflected XSS. This issue affects Zephyr Project Manager: from n/a through 3.3.101.

Published: April 17, 2025; 12:15:41 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32522

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPExperts.io License Manager for WooCommerce allows Reflected XSS. This issue affects License Manager for WooCommerce: from n/a through 3.0.9.

Published: April 17, 2025; 12:15:41 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32521

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CoolHappy Cool Flipbox – Shortcode & Gutenberg Block allows Reflected XSS. This issue affects Cool Flipbox – Shortcode & Gutenberg Block: from n/a through 1.8.3.

Published: April 17, 2025; 12:15:41 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32520

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Ali Saleem WordPress Health and Server Condition – Integrated with Google Page Speed allows Reflected XSS. This issue affects WordPress Health and Server Condition – Integrated with Google Page Speed: from n/a through 4.1.1.

Published: April 17, 2025; 12:15:40 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32516

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ilGhera Related Videos for JW Player allows Reflected XSS. This issue affects Related Videos for JW Player: from n/a through 1.2.0.

Published: April 17, 2025; 12:15:40 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32515

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in terminalafrica Terminal Africa allows Reflected XSS. This issue affects Terminal Africa: from n/a through 1.13.17.

Published: April 17, 2025; 12:15:40 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-32514

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cscode WooCommerce Estimate and Quote allows Reflected XSS. This issue affects WooCommerce Estimate and Quote: from n/a through 1.0.2.5.

Published: April 17, 2025; 12:15:40 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)