CWE-79: Cross-site Scripting (XSS)

This vulnerability allows unauthenticated attackers to inject malicious JavaScript into WordPress pages using the LiquidPoll plugin. When users visit ...

The WordPress File Upload plugin versions up to 4.24.8 contain a stored cross-site scripting vulnerability in SVG file uploads. Unauthenticated attack...

This vulnerability allows authenticated users with content editing permissions (typically Editor role or higher) to inject malicious scripts into Rich...

OpenObserve versions 0.4.4 through 0.9.x contain a cross-site scripting (XSS) vulnerability in the MemberSubscription.vue component. This allows attac...

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress pages using the Social Auto Poster plugin. When users v...

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress feedback forms via the name parameter. When high-privil...

IBM InfoSphere Information Server 11.7 contains a stored cross-site scripting (XSS) vulnerability that allows authenticated users to inject malicious ...

This vulnerability allows unauthenticated attackers to inject malicious scripts via the 'wp_id' parameter in the vcita WordPress plugin. The scripts e...

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress pages using the Master Addons plugin's Navigation Menu ...

This vulnerability allows unauthenticated attackers to inject malicious JavaScript into WordPress sites using the YITH WooCommerce Ajax Search plugin....

This vulnerability allows authenticated WordPress users with contributor-level permissions or higher to inject malicious scripts into website pages vi...

This stored XSS vulnerability in the PDF Invoices & Packing Slips for WooCommerce WordPress plugin allows unauthenticated attackers to inject maliciou...

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress pages using the EleForms plugin. The scripts execute wh...

The WP Meta SEO WordPress plugin is vulnerable to stored cross-site scripting (XSS) via the Referer HTTP header. Unauthenticated attackers can inject ...

This vulnerability in the Poll Maker WordPress plugin allows unauthenticated attackers to create malicious quizzes with stored cross-site scripting (X...

This cross-site scripting (XSS) vulnerability in CMSimple v5.15 allows attackers to inject malicious scripts into the Settings menu's Language Configu...

The WP-Members Membership Plugin for WordPress has a stored cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to inject m...

This CVE describes a cross-site scripting (XSS) vulnerability in SRS video server's API endpoint. Attackers can inject malicious JavaScript via the ca...

This vulnerability allows remote attackers within Wi-Fi range to inject malicious scripts into multiple administrative web pages of UBEE DDW365 router...

This vulnerability allows unauthenticated attackers to inject malicious JavaScript into WordPress pages using the RafflePress plugin. When users visit...

This is a cross-site scripting (XSS) vulnerability in FileCatalyst Direct web server versions 3.8.6 through 3.8.8. Attackers can craft malicious URLs ...

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress pages using the Ultimate Member plugin. When users visi...

The weForms WordPress plugin has a stored XSS vulnerability in versions up to 1.6.21 where attackers can inject malicious scripts via the 'Referer' HT...

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress sites using WPForms Pro plugin. When users visit pages ...

This vulnerability allows unauthenticated attackers to inject malicious JavaScript into WordPress sites using the ARForms Form Builder plugin. When us...

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress sites using the POST SMTP Mailer plugin. When users vis...

IBM Aspera Console 3.4.0 contains a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious JavaScript into the web interfa...

This CVE describes a cross-site scripting (XSS) vulnerability in Softing smartLink SW-HT software versions before 1.30. Attackers can inject malicious...

The WP Cerber Security plugin for WordPress versions up to 9.1 contains a stored cross-site scripting (XSS) vulnerability in the log parameter during ...

The MpOperationLogs WordPress plugin up to version 1.0.1 contains a stored cross-site scripting (XSS) vulnerability that allows unauthenticated attack...

This vulnerability in the discourse-encrypt plugin allows cross-site scripting (XSS) attacks when encrypted topic titles are improperly escaped. It af...

The User Submitted Posts WordPress plugin has a stored XSS vulnerability that allows unauthenticated attackers to inject malicious scripts into websit...

This vulnerability allows unauthenticated attackers to inject malicious JavaScript into WordPress sites using the Beautiful Cookie Consent Banner plug...

The Shield Security WordPress plugin up to version 17.0.17 contains a stored XSS vulnerability in the User-Agent header handling. Unauthenticated atta...

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress pages using the WP DSGVO Tools (GDPR) plugin, which exe...

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress sites using the Frontend File Manager plugin. When user...

This vulnerability allows unauthenticated attackers to inject malicious JavaScript into WordPress sites using the Coming Soon Page & Maintenance Mode ...

This vulnerability allows unauthenticated attackers to inject arbitrary HTML into emails sent by the PirateForms WordPress plugin. This enables phishi...

The Pretty Links WordPress plugin up to version 2.1.9 has a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject ...

This stored XSS vulnerability in the vcita WordPress plugin allows unauthenticated attackers to inject malicious JavaScript via the 'business_id' para...

This vulnerability in the Unyson WordPress plugin allows attackers to inject malicious scripts into web pages viewed by other users. It affects WordPr...

This stored cross-site scripting (XSS) vulnerability in FortiWAN allows attackers to inject malicious scripts into web pages via crafted HTTP requests...

The Amelia WordPress plugin has a stored cross-site scripting (XSS) vulnerability in versions up to 1.0.46. Attackers can inject malicious scripts via...

This vulnerability allows attackers to inject malicious scripts into the WP Statistics WordPress plugin's IP parameter. When site administrators view ...

This vulnerability allows attackers to inject malicious scripts into the WP Statistics WordPress plugin's platform parameter. When site administrators...

CVE-2020-15092 is a cross-site scripting (XSS) vulnerability in TimelineJS that allows attackers to execute malicious JavaScript by injecting HTML int...

This stored cross-site scripting (XSS) vulnerability in the PixelYourSite WordPress plugin allows attackers to inject malicious scripts that execute w...

This DOM-based cross-site scripting (XSS) vulnerability in the PhotoMe WordPress theme allows attackers to inject malicious scripts into web pages vie...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the Grand Conference WordPress theme. When users visit a s...

This is a reflected cross-site scripting (XSS) vulnerability in the Link Whisper Free WordPress plugin. Attackers can inject malicious scripts via cra...