U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): xss
There are 7,922 matching records.
Displaying matches 5,421 through 5,440.
Vuln ID Summary CVSS Severity
CVE-2019-14950

The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page.

Published: August 12, 2019; 11:15:12 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-14949

The wp-database-backup plugin before 5.1.2 for WordPress has XSS.

Published: August 12, 2019; 11:15:12 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-14948

The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure.

Published: August 12, 2019; 11:15:12 AM -0400 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-18508

The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS.

Published: August 12, 2019; 11:15:11 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-18506

The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens.

Published: August 12, 2019; 11:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10879

The wp-live-chat-support plugin before 6.2.02 for WordPress has XSS.

Published: August 12, 2019; 11:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10878

The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS.

Published: August 12, 2019; 11:15:11 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10877

The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS issues.

Published: August 12, 2019; 11:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10875

The wp-database-backup plugin before 4.3.1 for WordPress has XSS.

Published: August 12, 2019; 11:15:11 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10873

The wp-database-backup plugin before 4.3.3 for WordPress has XSS.

Published: August 12, 2019; 11:15:11 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-9306

The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS.

Published: August 12, 2019; 11:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-9305

The wp-google-map-plugin plugin before 2.3.7 for WordPress has XSS related to the add_query_arg() and remove_query_arg() functions.

Published: August 12, 2019; 11:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-14807

In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php.

Published: August 09, 2019; 5:15:11 PM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-11274

Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL that contains a SCIM filter that contains malicious JavaScript, which older browsers may execute.

Published: August 09, 2019; 4:15:11 PM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-11776

In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflected XSS in URL parameter. Attacker can execute the payload in victim's browser context.

Published: August 09, 2019; 3:15:11 PM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-20858

Recommender before 2018-07-18 allows XSS.

Published: August 09, 2019; 12:15:10 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-14805

studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the System Name field under Sets during set editing.

Published: August 09, 2019; 10:15:12 AM -0400 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2019-14804

studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing.

Published: August 09, 2019; 10:15:11 AM -0400 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2019-14797

The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS.

Published: August 09, 2019; 10:15:11 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-14796

The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter.

Published: August 09, 2019; 10:15:11 AM -0400 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW