Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 7,091 matching records.
Displaying matches 501 through 520.
Vuln ID Summary CVSS Severity
CVE-2023-5880

When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode, the web server's “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client-side JavaScript and/or HTML. This allows the attacker to inject malicious code with client-side JavaScript and/or HTML into the users' web browser.

Published: January 03, 2024; 3:15:21 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-6000

The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.

Published: January 01, 2024; 10:15:43 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2024-21732

FlyCms through abbaa5a allows XSS via the permission management feature.

Published: January 01, 2024; 3:15:36 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2021-46900

Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism.

Published: December 31, 2023; 12:15:08 AM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-52269

MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators.

Published: December 30, 2023; 8:15:07 PM -0500
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2023-52265

IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data.

Published: December 30, 2023; 6:15:42 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-52264

The beesblog (aka Bees Blog) component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharing_url is mishandled.

Published: December 30, 2023; 6:15:42 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-52257

LogoBee 0.2 allows updates.php?id= XSS.

Published: December 30, 2023; 3:15:07 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-52240

The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5.11.4 before 5.11.5, and 6.0.0 through 6.19.0 before 6.20.0. The full product names are Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server (Kantega SSO Enterprise), and Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server (Kantega SSO Enterprise). (Here, FeCru refers to the Atlassian Fisheye and Crucible products running together.)

Published: December 29, 2023; 5:15:37 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-50893

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution Impreza – WordPress Website and WooCommerce Builder allows Reflected XSS. This issue affects Impreza – WordPress Website and WooCommerce Builder: from n/a through 8.17.4.

Published: December 29, 2023; 7:15:45 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-50892

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS. This issue affects TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: from n/a through 5.9.1.

Published: December 29, 2023; 7:15:45 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-50891

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS. This issue affects Form plugin for WordPress – Zoho Forms: from n/a through 3.0.1.

Published: December 29, 2023; 7:15:45 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-50889

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder – WordPress Page Builder allows Stored XSS. This issue affects Beaver Builder – WordPress Page Builder: from n/a through 2.7.2.

Published: December 29, 2023; 7:15:45 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-50881

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS. This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.15.

Published: December 29, 2023; 7:15:44 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-50880

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The BuddyPress Community BuddyPress allows Stored XSS. This issue affects BuddyPress: from n/a through 11.3.1.

Published: December 29, 2023; 7:15:44 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-50879

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS. This issue affects WordPress.Com Editing Toolkit: from n/a through 3.78784.

Published: December 29, 2023; 7:15:44 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-41814

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. This issue affects Pandora FMS: from 700 through 774.

Published: December 29, 2023; 7:15:43 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-51541

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Stock Ticker allows Stored XSS. This issue affects Stock Ticker: from n/a through 3.23.4.

Published: December 29, 2023; 6:15:11 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-51399

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Back Button Widget allows Stored XSS. This issue affects Back Button Widget: from n/a through 1.6.3.

Published: December 29, 2023; 6:15:10 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-51397

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force WP Remote Site Search allows Stored XSS. This issue affects WP Remote Site Search: from n/a through 1.0.4.

Published: December 29, 2023; 6:15:10 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)