CVE List by Type: XSS (Filtered by Published Year)

Explore CVEs related to XSS vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.

Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.

You're viewing XSS CVEs published in 2025. View full CVE list

Showing 120 of 8454 results
«« First « Prev Page 1 / 423 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2025-67711 There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. 6.1 0.20% 2025-12-31 2026-06-17
CVE-2025-67710 There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. 6.1 0.20% 2025-12-31 2026-06-17
CVE-2025-67709 There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. 6.1 0.20% 2025-12-31 2026-06-17
CVE-2025-67708 There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. 6.1 0.20% 2025-12-31 2026-06-17
CVE-2025-67705 There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. 6.1 0.19% 2025-12-31 2026-06-17
CVE-2025-67704 There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. 6.1 0.20% 2025-12-31 2026-06-17
CVE-2025-67703 There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. 6.1 0.19% 2025-12-31 2026-06-17
CVE-2025-53235 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osuthorpe Easy Social easy-social-media allows Reflected XSS.This issue affects Easy Social: from n/a through <= 1.3. 7.1 0.19% 2025-12-31 2026-06-17
CVE-2025-52739 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Sala allows Reflected XSS.This issue affects Sala: from n/a through 1.1.3. 7.1 0.15% 2025-12-31 2026-06-17
CVE-2025-50053 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nebelhorn Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App yournewsapp allows Reflected XSS.This issue affects Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App: from n/a through <= 0.8.8.8. 7.1 0.15% 2025-12-31 2026-06-17
CVE-2025-47566 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomSounds allows Reflected XSS.This issue affects ZoomSounds: from n/a through 6.91. 7.1 0.15% 2025-12-31 2026-06-17
CVE-2025-23757 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proloy Chakroborty ZD Scribd iPaper zd-scribd-ipaper allows Reflected XSS.This issue affects ZD Scribd iPaper: from n/a through <= 1.0. 7.1 0.08% 2025-12-31 2026-06-17
CVE-2025-23719 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zckevin ZhinaTwitterWidget zhina-twitter-widget allows Reflected XSS.This issue affects ZhinaTwitterWidget: from n/a through <= 1.0. 7.1 0.08% 2025-12-31 2026-06-17
CVE-2025-23707 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matamko En Masse en-masse-wp allows Reflected XSS.This issue affects En Masse: from n/a through <= 1.0. 7.1 0.08% 2025-12-31 2026-06-17
CVE-2025-23705 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry Zielke Zielke Design Project Gallery zielke-design-project-gallery allows Reflected XSS.This issue affects Zielke Design Project Gallery: from n/a through <= 2.5.0. 7.1 0.08% 2025-12-31 2026-06-17
CVE-2025-23667 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christopher Churchill custom-post-edit front-end-post-edit allows Reflected XSS.This issue affects custom-post-edit: from n/a through <= 1.0.4. 7.1 0.08% 2025-12-31 2026-06-17
CVE-2021-47743 COMMAX Biometric Access Control System 1.0.0 contains an unauthenticated reflected cross-site scripting vulnerability in cookie parameters 'CMX_ADMIN_NM' and 'CMX_COMPLEX_NM'. Attackers can inject malicious HTML and JavaScript code into these cookie values to execute arbitrary scripts in a victim's browser session. 5.1 0.24% 2025-12-31 2026-06-17
CVE-2021-47725 STVS ProVision 5.9.10 contains a cross-site scripting vulnerability in the 'files' POST parameter that allows authenticated attackers to inject arbitrary HTML code. Attackers can exploit the unvalidated input to execute malicious scripts within a user's browser session in the context of the affected site. 4.8 0.18% 2025-12-31 2026-06-17
CVE-2025-62989 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gora Tech Cooked cooked allows Stored XSS.This issue affects Cooked: from n/a through <= 1.11.3. 5.9 0.14% 2025-12-31 2026-06-17
CVE-2025-59135 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through <= 1.7.5. 5.9 0.14% 2025-12-31 2026-06-17
«« First « Prev Page 1 / 423 Next »
cvelogic Threat Intelligence