U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): xss
There are 7,924 matching records.
Displaying matches 5,141 through 5,160.
Vuln ID Summary CVSS Severity
CVE-2018-21014

The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS.

Published: September 09, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2018-21012

The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS.

Published: September 09, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-16130

YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.php via a name field to /contact.html.

Published: September 08, 2019; 11:15:10 PM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-16104

Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO.

Published: September 08, 2019; 1:15:11 PM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-11198

An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json.

Published: September 06, 2019; 5:15:11 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-14470

cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.

Published: September 04, 2019; 4:15:10 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-15814

Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML.

Published: September 04, 2019; 10:15:11 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-15898

Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page.

Published: September 03, 2019; 6:15:11 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-15889

The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.

Published: September 03, 2019; 2:15:12 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-15870

The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field.

Published: September 03, 2019; 8:15:11 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-15869

The JobCareer theme before 2.5.1 for WordPress has stored XSS.

Published: September 03, 2019; 8:15:11 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-15864

The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS.

Published: September 03, 2019; 8:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-15858

admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution.

Published: September 03, 2019; 3:15:10 AM -0400 		V4.0:(not available)
 V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-15842

The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS.

Published: August 30, 2019; 1:15:12 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-15838

The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789.

Published: August 30, 2019; 1:15:12 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-15837

The webp-express plugin before 0.14.8 for WordPress has stored XSS.

Published: August 30, 2019; 1:15:12 PM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-15836

The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS.

Published: August 30, 2019; 1:15:12 PM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-15833

The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS.

Published: August 30, 2019; 10:15:11 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-15830

The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS.

Published: August 30, 2019; 10:15:10 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-15829

The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS.

Published: August 30, 2019; 10:15:10 AM -0400 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW