Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-02 | CVE-2024-7932 | Cross-site Scripting vulnerability in 3DS 3Dexperience R2024X: A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | 5.4 |
2024-09-02 | CVE-2024-7938 | Cross-site Scripting vulnerability in 3DS 3Dexperience R2023X/R2024X: A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | 5.4 |
2024-09-02 | CVE-2024-7939 | Cross-site Scripting vulnerability in 3DS 3Dexperience R2024X: A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | 5.4 |
2024-09-02 | CVE-2024-8004 | Cross-site Scripting vulnerability in 3DS 3Dexperience Enovia R2022X/R2023X/R2024X: A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | 5.4 |
2024-09-02 | CVE-2024-7354 | Cross-site Scripting vulnerability in Ninjaforms Ninja Forms: The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 6.1 |
2024-09-02 | CVE-2024-7691 | Cross-site Scripting vulnerability in Projectcaruso Flaming Forms: The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators. | 6.1 |
2024-09-02 | CVE-2024-7692 | Cross-site Scripting vulnerability in Projectcaruso Flaming Forms: The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 6.1 |
2024-08-31 | CVE-2024-8366 | Cross-site Scripting vulnerability in Code-Projects Pharmacy Management System 1.0: A vulnerability was found in code-projects Pharmacy Management System 1.0. | 4.7 |
2024-08-31 | CVE-2024-8108 | Cross-site Scripting vulnerability in Share This Image Project Share This Image: The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alignment' parameter in all versions up to, and including, 2.01 due to insufficient input sanitization and output escaping. | 5.4 |
2024-08-31 | CVE-2024-8276 | Cross-site Scripting vulnerability in Wpzoom Portfolio: The WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. | 5.4 |