U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): xss
There are 7,922 matching records.
Displaying matches 5,301 through 5,320.
Vuln ID Summary CVSS Severity
CVE-2016-10908

The booking-calendar-contact-form plugin before 1.0.24 for WordPress has XSS.

Published: August 21, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10901

The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in the admin tools.

Published: August 21, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10900

The uji-countdown plugin before 2.0.7 for WordPress has XSS.

Published: August 21, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-15109

The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter.

Published: August 21, 2019; 8:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-18540

The weblibrarian plugin before 3.4.8.7 for WordPress has XSS via front-end short codes.

Published: August 21, 2019; 8:15:11 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-18539

The weblibrarian plugin before 3.4.8.6 for WordPress has XSS via front-end short codes.

Published: August 21, 2019; 8:15:11 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-18538

The weblibrarian plugin before 3.4.8.5 for WordPress has XSS via front-end short codes.

Published: August 21, 2019; 8:15:11 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-18537

The visitors-online plugin before 1.0.0 for WordPress has multiple XSS issues.

Published: August 21, 2019; 8:15:10 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-18536

The stop-user-enumeration plugin before 1.3.8 for WordPress has XSS.

Published: August 21, 2019; 8:15:10 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-18534

The share-on-diaspora plugin before 0.7.2 for WordPress has reflected XSS in share URL parameters.

Published: August 21, 2019; 8:15:10 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10898

The total-security plugin before 3.4.1 for WordPress has XSS.

Published: August 21, 2019; 8:15:10 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10897

The sermon-browser plugin before 0.45.16 for WordPress has multiple XSS issues.

Published: August 21, 2019; 8:15:10 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10896

The seo-redirection plugin before 4.3 for WordPress has stored XSS.

Published: August 21, 2019; 8:15:10 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-9321

The shortcode-factory plugin before 1.1.1 for WordPress has XSS via add_query_arg.

Published: August 21, 2019; 8:15:10 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-3966

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreign_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.

Published: August 20, 2019; 2:15:11 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-3965

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the document_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.

Published: August 20, 2019; 2:15:11 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-3964

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.

Published: August 20, 2019; 2:15:11 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-3963

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.

Published: August 20, 2019; 2:15:11 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-20978

The wp-all-import plugin before 3.4.7 for WordPress has XSS.

Published: August 20, 2019; 12:15:13 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-18566

The user-role plugin before 1.5.6 for WordPress has multiple XSS issues.

Published: August 20, 2019; 12:15:13 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM