U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): xss
There are 7,924 matching records.
Displaying matches 5,061 through 5,080.
Vuln ID Summary CVSS Severity
CVE-2015-9384

The relevant plugin before 1.0.8 for WordPress has XSS.

Published: September 20, 2019; 11:15:11 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-15086

An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message.

Published: September 20, 2019; 10:15:12 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-14915

An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate.

Published: September 20, 2019; 10:15:11 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-14913

An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel.

Published: September 20, 2019; 10:15:11 AM -0400 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-14911

An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS.

Published: September 20, 2019; 10:15:11 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-16525

An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code.

Published: September 19, 2019; 4:15:11 PM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10994

The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter.

Published: September 18, 2019; 8:15:10 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-16392

SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.

Published: September 17, 2019; 5:15:11 PM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10993

The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter.

Published: September 17, 2019; 11:15:12 AM -0400 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2016-10992

The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter.

Published: September 17, 2019; 11:15:12 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10990

The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header.

Published: September 17, 2019; 11:15:12 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10988

The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebook_message, facebook_linkname, facebook_caption, facebook_description, default_image, or _wp_http_referer.

Published: September 17, 2019; 11:15:12 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10987

The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_sms_numbers XSS.

Published: September 17, 2019; 11:15:12 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10986

The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumer_key, consumer_secret, access_token, and access_token_secret.

Published: September 17, 2019; 11:15:12 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10985

The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id parameter.

Published: September 17, 2019; 11:15:12 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10984

The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter.

Published: September 17, 2019; 11:15:12 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10981

The kento-post-view-counter plugin through 2.8 for WordPress has stored XSS via kento_pvc_numbers_lang, kento_pvc_today_text, or kento_pvc_total_text.

Published: September 17, 2019; 11:15:11 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10980

The kento-post-view-counter plugin through 2.8 for WordPress has XSS via kento_pvc_geo.

Published: September 17, 2019; 11:15:11 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10979

The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS.

Published: September 17, 2019; 11:15:11 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10976

The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS.

Published: September 17, 2019; 11:15:11 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM