U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 7,266 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2024-31285

Cross-Site Request Forgery (CSRF) vulnerability in Tooltip WordPress Tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through 9.5.3.

Published: April 11, 2024; 9:15:52 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-32080

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Pelton Search Keyword Redirect allows Stored XSS.This issue affects Search Keyword Redirect: from n/a through 1.0.

Published: April 11, 2024; 5:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27992

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Whisper Link Whisper Free allows Reflected XSS.This issue affects Link Whisper Free: from n/a through 0.6.8.

Published: April 10, 2024; 9:25:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27991

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SupportCandy allows Stored XSS.This issue affects SupportCandy: from n/a through 3.2.3.

Published: April 10, 2024; 9:25:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27990

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Moneytizer allows Stored XSS.This issue affects The Moneytizer: from n/a through 9.5.20.

Published: April 10, 2024; 9:25:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27989

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs allows Stored XSS.This issue affects WP Responsive Tabs horizontal vertical and accordion Tabs: from n/a through 1.1.17.

Published: April 10, 2024; 9:25:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27988

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Themes WEN Responsive Columns allows Stored XSS.This issue affects WEN Responsive Columns: from n/a through 1.3.2.

Published: April 10, 2024; 9:25:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27969

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Enhanced Free Downloads WooCommerce allows Stored XSS.This issue affects Free Downloads WooCommerce: from n/a through 3.5.8.2.

Published: April 10, 2024; 9:25:06 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27966

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey Master allows Stored XSS.This issue affects Quiz And Survey Master: from n/a through 8.2.2.

Published: April 10, 2024; 9:25:06 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31214

Traccar is an open source GPS tracking system. Traccar versions 5.1 through 5.12 allow arbitrary files to be uploaded through the device image upload API. Attackers have full control over the file contents, full control over the directory where the file is stored, full control over the file extension, and partial control over the file name. While it's not for an attacker to overwrite an existing file, an attacker can create new files with certain names and attacker-controlled extensions anywhere on the file system. This can potentially lead to remote code execution, XSS, DOS, etc. The default install of Traccar makes this vulnerability more severe. Self-registration is enabled by default, allowing anyone to create an account to exploit this vulnerability. Traccar also runs by default with root/system privileges, allowing files to be placed anywhere on the file system. Version 6.0 contains a fix for the issue. One may also turn off self-registration by default, as that would make most vulnerabilities in the application much harder to exploit by default and reduce the severity considerably.

Published: April 10, 2024; 2:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27477

In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets (also known as to-dos). This stored XSS vulnerability can be exploited to perform Server-Side Request Forgery (SSRF) attacks.

Published: April 10, 2024; 11:16:04 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2428

The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to perform Stored XSS attacks

Published: April 10, 2024; 1:15:49 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31868

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

Published: April 09, 2024; 12:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31365

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Post Type Builder (PTB) allows Reflected XSS.This issue affects Post Type Builder (PTB): from n/a through 2.0.8.

Published: April 09, 2024; 4:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31357

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS.This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.5.2.

Published: April 08, 2024; 5:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31349

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch MailMunch – Grow your Email List allows Stored XSS.This issue affects MailMunch – Grow your Email List: from n/a through 3.1.6.

Published: April 07, 2024; 2:15:13 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31348

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Testimonials allows Stored XSS.This issue affects Testimonials: from n/a through 3.0.5.

Published: April 07, 2024; 2:15:13 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31346

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blocksmarket Gradient Text Widget for Elementor allows Stored XSS.This issue affects Gradient Text Widget for Elementor: from n/a through 1.0.1.

Published: April 07, 2024; 2:15:12 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31344

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phpbits Creative Studio Easy Login Styler – White Label Admin Login Page for WordPress allows Stored XSS.This issue affects Easy Login Styler – White Label Admin Login Page for WordPress: from n/a through 1.0.6.

Published: April 07, 2024; 2:15:12 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31306

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS.This issue affects Essential Blocks for Gutenberg: from n/a through 4.5.3.

Published: April 07, 2024; 2:15:12 PM -0400
V3.x:(not available)
V2.0:(not available)