U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 7,317 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2024-32557

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.2.

Published: April 16, 2024; 3:15:12 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-47626

iTop is an IT service management platform. When displaying/editing the user's personal tokens, XSS attacks are possible. This vulnerability is fixed in 3.1.1.

Published: April 15, 2024; 2:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-47622

iTop is an IT service management platform. When dashlet are refreshed, XSS attacks are possible. This vulnerability is fixed in 3.0.4 and 3.1.1.

Published: April 15, 2024; 2:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-47123

iTop is an IT service management platform. By filling malicious code in an object friendlyname / complementary name, an XSS attack can be performed when this object will displayed as an n:n relation item in another object. This vulnerability is fixed in 3.1.1 and 3.2.0.

Published: April 15, 2024; 2:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-44396

iTop is an IT service management platform. Dashlet edits ajax endpoints can be used to produce XSS. Fixed in iTop 2.7.10, 3.0.4, and 3.1.1.

Published: April 15, 2024; 2:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30545

Cross-Site Request Forgery (CSRF) vulnerability in Nick Powers Social Author Bio allows Stored XSS.This issue affects Social Author Bio: from n/a through 2.4.

Published: April 15, 2024; 4:15:11 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-32453

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POEditor allows Stored XSS.This issue affects POEditor: from n/a through 0.9.8.

Published: April 15, 2024; 3:15:11 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-32429

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPChill Remove Footer Credit allows Stored XSS.This issue affects Remove Footer Credit: from n/a through 1.0.13.

Published: April 15, 2024; 3:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-32428

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moss Web Works MWW Disclaimer Buttons allows Stored XSS.This issue affects MWW Disclaimer Buttons: from n/a through 3.0.2.

Published: April 15, 2024; 3:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-32149

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Jobs for WordPress allows Reflected XSS.This issue affects Jobs for WordPress: from n/a through 2.7.5.

Published: April 15, 2024; 3:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-32147

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Form Plugin Team - GhozyLab Easy Contact Form Lite allows Stored XSS.This issue affects Easy Contact Form Lite : from n/a through 1.1.23.

Published: April 15, 2024; 3:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-32145

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PineWise WP Google Analytics Events allows Reflected XSS.This issue affects WP Google Analytics Events: from n/a through 2.8.0.

Published: April 15, 2024; 3:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-32140

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Libsyn Libsyn Publisher Hub allows Stored XSS.This issue affects Libsyn Publisher Hub: from n/a through 1.4.4.

Published: April 15, 2024; 3:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-32138

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders Short URL allows Reflected XSS.This issue affects Short URL: from n/a through 1.6.8.

Published: April 15, 2024; 3:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-32133

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Schuppenies EZ Form Calculator allows Reflected XSS.This issue affects EZ Form Calculator: from n/a through 2.14.0.3.

Published: April 15, 2024; 3:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-32079

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2024.2.

Published: April 15, 2024; 3:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2583

The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks.

Published: April 13, 2024; 1:15:48 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2022-40211

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP allows Stored XSS.This issue affects GiveWP: from n/a through 2.25.1.

Published: April 12, 2024; 9:15:14 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-3092

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims.

Published: April 11, 2024; 9:15:57 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2279

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6 all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature a crafted payload may lead to a stored XSS, allowing attackers to perform arbitrary actions on behalf of victims.

Published: April 11, 2024; 9:15:57 PM -0400
V3.x:(not available)
V2.0:(not available)