Cross Site Scripting (X.S.S.)

Cross-Site Scripting, lovingly called XSS, is primarily a web application vulnerability. XSS attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

There are three types of XSS attacks:

  1. Stored Cross Site Scripting
  2. Reflected Cross Site Scripting
  3. DOM Based XSS

Note: XSS is a type of injection flaw; however, due to its widespread nature, it is generally considered an independent issue.

Reference Source:

  1. https://owasp.org/www-community/attacks/xss/
  2. https://en.wikipedia.org/wiki/Cross-site_scripting

List of Cross Site Scripting (X.S.S.) Flaws

| Status | Component Name | Version | Disclosed By | Disclosure Date | Access Level | CVE-Number |
|---|---|---|---|---|---|---|
| | wp-plugin : keyring | 1.5 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
| | wp-plugin : immopress | 0.0.4 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
| | wp-plugin : animal-captcha | 1.6.2 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
| | wp-plugin : hunk-external-links | 3.0.5 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
| | wp-plugin : google-maps-in-posts | 1.5.3 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
| | wp-plugin : aprils-super-functions-pack | 1.4.7 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
| | wp-plugin : google-map-generator | 1.3.1 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
| | wp-plugin : athlon-manage-calameo-publications | 1.1.0 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
| | wp-plugin : gbteamstats | 1.5.1 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
| | wp-plugin : avchat-3 | 1.4.1 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
| | wp-plugin : garees-flickr-feed | 0.8 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
| | wp-plugin : blogroll-fun | 0.8.4 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
| | wp-plugin : fixedly | 1.3.1 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
| | wp-plugin : captcha-in-thai | 1.1 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
| | wp-plugin : filtre-de-surveillance-gouvernemental | 1.1 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
| | wp-plugin : clicksold-wordpress-plugin | 1.48 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
| | wp-plugin : fancy-cats | 1.1 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
| | wp-plugin : clipta-video-informer | 1 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
| | wp-plugin : dialogs | 1.0.3 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
| | wp-plugin : contentboxes | 1.1 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
| | wp-plugin : coupon-tab-for-directorypress-pp | 0.2.0 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
| | wp-plugin : daily-inspiration-generator | 2 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
| | wp-plugin : mywebcounter | 1.1 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
| | wp-plugin : wu-rating | 1.0 12319 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4601 |
| | wp-plugin : wp-tmkm-amazon | 1.5b | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4598 |
| | wp-plugin : wp-restful | 0.1 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4595 |
| | wp-plugin : wp-responsive-preview | 1.1 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4594 |
| | wp-plugin : wp-picasa-image | 1 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4591 |
| | wp-plugin : wp-microblogs | 0.4.0 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4590 |
| | wp-plugin : wp-guestmap | 1.8 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4587 |
| | wp-plugin : wp-football | 1.1 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4586 |
| | wp-plugin : wp-facethumb | | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4585 |
| | wp-plugin : wp-consultant | 1 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4582 |
| | wp-plugin : wp-blipbot | 3.0.9 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4580 |
| | wp-plugin : wp-appointments-schedules | 1.5 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4579 |
| | wp-plugin : wikipop | 2 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4575 |
| | wp-plugin : walk-score | 0.5.5 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4573 |
| | wp-plugin : vn-calendar | 1 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4571 |
| | wp-plugin : videowhisper-video-presentation | 3.25 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4570 |
| | wp-plugin : videowhisper-live-streaming-integration | 4.27.2 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-2715 |
| | wp-plugin : video-posts-webcam-recorder | 1.55.4 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4568 |
| | wp-plugin : video-comments-webcam-recorder | 1.55 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4567 |
| | wp-plugin : verification-code-for-comments | 2.1.0 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4565 |
| | wp-plugin : ruven-toolkit | 1.1 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4548 |
| | wp-plugin : wpcb | 2.4.8 | Anantshri | 2014/06/04 | Unauthenticated | CVE-2014-4581 |
| | wp-plugin : wp-app-maker | 1.0.16.4 | Anantshri | 2014/06/04 | Unauthenticated | CVE-2014-4578 |
| | wp-plugin : keyword-strategy-internal-links | 2 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4537 |
| | wp-plugin : wp-social-invitations | 1.4.4.2 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4597 |
| | wp-plugin : easy-career-openings | 0.4 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4523 |
| | wp-plugin : conversador | 2.61 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4519 |
| | wp-plugin : bic-media | 1 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4516 |
| | wp-plugin : anyfont | 2.2.3 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4515 |
| | wp-plugin : your-text-manager | 0.3.0 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4604 |
| | wp-plugin : webengage | 2.0.0 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4574 |
| | wp-plugin : swipe-hq-checkout-for-jigoshop | 3.1.0 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4557 |
| | wp-plugin : rezgo | 1.4.2 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4546 |
| | wp-plugin : fbpromotions | 1.3.4 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4528 |
| | wp-plugin : easy-post-types | 1.4.3 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4524 |
| | wp-plugin : rezgo-online-booking | 1.8 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4547 |
| | wp-plugin : efence | 1.3.2 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4526 |
| | wp-plugin : oleggo-livestream | 0.2.6 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4540 |
| | wp-plugin : dmca-watermarker | 1 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4520 |
| | wp-plugin : alipay | 3.6.0 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4514 |
| | wp-plugin : zelist-directory | 0.5.11.07 | Anantshri | 2014/05/28 | Unauthenticated | Not Assigned |
| | wp-plugin : zdstats | 2.0.1 | Anantshri | 2014/05/28 | Unauthenticated | CVE-2014-4605 |
| | wp-plugin : yahoo-updates-for-wordpress | 1 | Anantshri | 2014/05/28 | Unauthenticated | CVE-2014-4603 |
| | wp-plugin : xen-carousel | 0.12.2 | Anantshri | 2014/05/28 | Unauthenticated | CVE-2014-4602 |
| | wp-plugin : swipehq-payment-gateway-woocommerce | 2.7.1 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4558 |
| | wp-plugin : ss-downloads | 1.4.41 | Prajalkulkarni | 2014/05/28 | Unauthenticated | Not Assigned |
| | wp-plugin : omfg-mobile | 1.1.26 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4541 |
| | wp-plugin : malware-finder | 1.1 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4538 |
| | wp-plugin : envialosimple-email-marketing-y-newsletters-gratis | 1.97 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4527 |
| | wp-plugin : activehelper-livehelp | 3.1.0 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4513 |
| | wp-plugin : zeenshare | 1.0.1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4606 |
| | wp-plugin : wpsnapapp | 1.5 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4596 |
| | wp-plugin : wppm | 1.6.4.b | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4593 |
| | wp-plugin : wphotfiles | 1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4588 |
| | wp-plugin : wp-ultimate-email-marketer | 1.1.0 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4600 |
| | wp-plugin : wp-ttisbdir | 1.0.2 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4599 |
| | wp-plugin : wp-planet | 0.1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4592 |
| | wp-plugin : wp-media-player | 0.8 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4589 |
| | wp-plugin : wp-easybooking | 1.0.3 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4584 |
| | wp-plugin : wp-contact-sidebar-widget | 1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4583 |
| | wp-plugin : wordpress-social-login | 2.0.3 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4576 |
| | wp-plugin : votecount-for-balatarin | 0.1.1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4572 |
| | wp-plugin : verweise-wordpress-twitter | 1.0.2 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4566 |
| | wp-plugin : validated | 1.0.2 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4564 |
| | wp-plugin : url-cloak-encrypt | 2 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4563 |
| | wp-plugin : ultimate-weather-plugin | 1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4561 |
| | wp-plugin : toolpage | 1.6.1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4560 |
| | wp-plugin : swipehq-payment-gateway-wp-e-commerce | 3.1.0 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4559 |
| | wp-plugin : style-it | 1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4555 |
| | wp-plugin : spreadshirt-rss-3d-cube-flash-gallery | | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4553 |
| | wp-plugin : spotlightyour | 4.7 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4552 |
| | wp-plugin : social-connect | 1.0.4 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4551 |
| | wp-plugin : shortcode-ninja | 1.4 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4550 |
| | wp-plugin : sagepay-direct-for-woocommerce-payment-gateway | 0.1.6.7 - 20140128 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4549 |
| | wp-plugin : proquoter | 1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4545 |
| | wp-plugin : podcast-channels | 0.2.0 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4544 |
| | wp-plugin : pay-per-media-player | 1.24 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4543 |
| | wp-plugin : ooorl | | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4542 |
| | wp-plugin : movies | 0.6 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4539 |
| | wp-plugin : infusionsoft | 1.5.7 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4536 |
| | wp-plugin : import-legacy-media | 0.1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4535 |
| | wp-plugin : html5-video-player-with-playlist | 2.4.0 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4534 |
| | wp-plugin : geo-redirector | 1.0.1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4533 |
| | wp-plugin : garagesale | 1.2.2 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4532 |
| | wp-plugin : game-tabs | 0.4.0 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4531 |
| | wp-plugin : flash-photo-gallery | 0.7 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4529 |
| | wp-plugin : ebay-feeds-for-wordpress | 1.1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4525 |
| | wp-plugin : dssearchagent-wordpress-edition | 1.0-beta10 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4522 |
| | wp-plugin : dsidxpress | 2.1.0 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4521 |
| | wp-plugin : cbi-referral-manager | 1.2.1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4517 |
| | wp-plugin : flog | 0.1 | Prajalkulkarni | 2014/04/25 | Unauthenticated | CVE-2014-4530 |
| | wp-plugin : contactme | 2.3 | Prajalkulkarni | | Unauthenticated | CVE-2014-4518 |