U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 8,105 matching records.
Displaying matches 681 through 700.
Vuln ID Summary CVSS Severity
CVE-2024-34573

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pootlepress Pootle Pagebuilder – WordPress Page builder allows Stored XSS.This issue affects Pootle Pagebuilder – WordPress Page builder: from n/a through 5.7.1.

Published: May 08, 2024; 5:15:08 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-33859

An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS.

Published: May 07, 2024; 1:15:09 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-34413

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SliceWP allows Stored XSS.This issue affects SliceWP: from n/a through 1.1.10.

Published: May 06, 2024; 5:15:48 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-34390

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Stored XSS.This issue affects Post Grid Master: from n/a through 3.4.8.

Published: May 06, 2024; 3:15:10 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-34381

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PropertyHive allows Stored XSS.This issue affects PropertyHive: from n/a through 2.0.10.

Published: May 06, 2024; 3:15:09 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-34380

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through 1.2.0.

Published: May 06, 2024; 3:15:09 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-34376

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Freesia Edge allows Stored XSS.This issue affects Edge: from n/a through 2.0.9.

Published: May 06, 2024; 3:15:08 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-34375

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPPOOL Sheets To WP Table Live Sync allows Stored XSS.This issue affects Sheets To WP Table Live Sync: from n/a through 3.7.0.

Published: May 06, 2024; 3:15:08 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-34374

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 5.8.0.

Published: May 06, 2024; 3:15:08 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-34373

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.4.2.

Published: May 06, 2024; 3:15:08 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-34369

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webpushr Web Push Notifications Webpushr allows Reflected XSS.This issue affects Webpushr: from n/a through 4.35.0.

Published: May 06, 2024; 3:15:07 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-34366

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AltText.Ai Download Alt Text AI allows Stored XSS.This issue affects Download Alt Text AI: from n/a through 1.3.4.

Published: May 06, 2024; 3:15:07 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-34064

Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addressed spaces but not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. This vulnerability is fixed in 3.1.4.

Published: May 06, 2024; 11:15:23 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-3576

The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and escalate privileges.

Published: May 06, 2024; 8:15:08 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-34507

An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000000.

Published: May 05, 2024; 3:15:07 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-34500

An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html::rawElement() in the getError() function in the Hooks class.

Published: May 05, 2024; 3:15:07 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-34469

Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save.

Published: May 04, 2024; 4:15:07 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-34468

Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.

Published: May 04, 2024; 4:15:07 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-34467

ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl.

Published: May 04, 2024; 4:15:07 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-34462

Alinto SOGo through 5.10.0 allows XSS during attachment preview.

Published: May 04, 2024; 3:15:46 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)