Search Results

Search Parameters:
  • Keyword (text search): xss
There are 7,922 matching records.
Displaying matches 5,341 through 5,360.
Vuln ID Summary CVSS Severity
CVE-2016-10913

The wp-latest-posts plugin before 3.7.5 for WordPress has XSS.

Published: August 20, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10893

The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has multiple XSS issues via AJAX requests.

Published: August 20, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-9329

The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS.

Published: August 20, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-9317

The awesome-support plugin before 3.1.7 for WordPress has XSS via custom information messages.

Published: August 20, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-15233

The Live:Text Box macro in the Old Street Live Input Macros app before 2.11 for Confluence has XSS, leading to theft of the Administrator Session Cookie.

Published: August 20, 2019; 10:15:11 AM -0400
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-15082

The 360-product-rotation plugin before 1.4.8 for WordPress has reflected XSS.

Published: August 20, 2019; 10:15:11 AM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-11522

OX App Suite 7.10.0 to 7.10.2 allows XSS.

Published: August 20, 2019; 9:15:11 AM -0400
V4.0:(not available)
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2018-20975

Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/tags_helper.rb.

Published: August 20, 2019; 9:15:11 AM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-15227

FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console. This could lead to cookie stealing and other malicious actions.

Published: August 20, 2019; 1:15:10 AM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-15228

FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors.

Published: August 19, 2019; 8:15:10 PM -0400
V4.0:(not available)
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-15116

The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging.

Published: August 16, 2019; 5:15:13 PM -0400
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-18542

The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues.

Published: August 16, 2019; 5:15:10 PM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-18541

The xo-security plugin before 1.5.3 for WordPress has XSS.

Published: August 16, 2019; 5:15:10 PM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-15120

The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode.

Published: August 16, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-15108

An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component.

Published: August 16, 2019; 12:15:10 AM -0400
V4.0:(not available)
V3.1: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2019-15095

DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter.

Published: August 15, 2019; 9:15:09 PM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-17790

Prospecta Master Data Online (MDO) 2.0 has Stored XSS.

Published: August 15, 2019; 1:15:11 PM -0400
V4.0:(not available)
V3.1: 5.4 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-12101

CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields.

Published: August 15, 2019; 1:15:11 PM -0400
V4.0:(not available)
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-14789

The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter.

Published: August 15, 2019; 12:15:12 PM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-14784

The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition.

Published: August 15, 2019; 12:15:12 PM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM