Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-09-04 CVE-2024-8117 Cross-site Scripting vulnerability in Wpextended WP Extended
The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘selected_option’ parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping.
network
low complexity
wpextended CWE-79
6.1
2024-09-04 CVE-2024-8119 Cross-site Scripting vulnerability in Wpextended WP Extended
The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping.
network
low complexity
wpextended CWE-79
6.1
2024-09-04 CVE-2024-6020 Cross-site Scripting vulnerability in Fetchdesigns Sign-Up Sheets
The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $_SERVER['REQUEST_URI'] parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting.
network
low complexity
fetchdesigns CWE-79
6.1
2024-09-04 CVE-2024-6722 Cross-site Scripting vulnerability in Mansurahamed Chatbot Support AI
The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
network
low complexity
mansurahamed CWE-79
4.8
2024-09-04 CVE-2024-6888 Cross-site Scripting vulnerability in Ays-Pro Secure Copy Content Protection and Content Locking
The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
network
low complexity
ays-pro CWE-79
4.8
2024-09-04 CVE-2024-6889 Cross-site Scripting vulnerability in Ays-Pro Secure Copy Content Protection and Content Locking
The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
network
low complexity
ays-pro CWE-79
4.8
2024-09-04 CVE-2024-8325 Cross-site Scripting vulnerability in Blockspare
The Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in the ‘blockspare_render_social_sharing_block’ function in all versions up to, and including, 3.2.4 due to insufficient input sanitization and output escaping.
network
low complexity
blockspare CWE-79
5.4
2024-09-03 CVE-2024-45180 Cross-site Scripting vulnerability in Squaredup DS for Scom
SquaredUp DS for SCOM 6.2.1.11104 allows XSS.
network
low complexity
squaredup CWE-79
5.4
2024-09-03 CVE-2024-45389 Cross-site Scripting vulnerability in Cloudcannon Pagefinder
Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads.
network
low complexity
cloudcannon CWE-79
5.4
2024-09-03 CVE-2024-43413 Cross-site Scripting vulnerability in Xibosignage Xibo
Xibo is an open source digital signage platform with a web content management system (CMS).
network
low complexity
xibosignage CWE-79
4.8