Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-08-31 CVE-2024-8108 Cross-site Scripting vulnerability in Share This Image Project Share This Image
The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alignment' parameter in all versions up to, and including, 2.01 due to insufficient input sanitization and output escaping.
network
low complexity
share-this-image-project CWE-79
5.4
5.4
2024-08-31 CVE-2024-8276 Cross-site Scripting vulnerability in Wpzoom Portfolio
The WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping.
network
low complexity
wpzoom CWE-79
5.4
5.4
2024-08-31 CVE-2024-3886 Cross-site Scripting vulnerability in Tagdiv Composer 4.2/4.4
The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_check_envato_code function.
network
low complexity
tagdiv CWE-79
6.1
6.1
2024-08-31 CVE-2024-5212 Cross-site Scripting vulnerability in Tagdiv Composer 4.2/4.4
The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_register_forum_user function.
network
low complexity
tagdiv CWE-79
6.1
6.1
2024-08-30 CVE-2024-44682 Cross-site Scripting vulnerability in Shopxo 6.2.0
ShopXO 6.2 is vulnerable to Cross Site Scripting (XSS) in the backend that allows attackers to execute code by changing POST parameters.
network
low complexity
shopxo CWE-79
6.1
6.1
2024-08-30 CVE-2024-44683 Cross-site Scripting vulnerability in Seacms 13.0
Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php.
network
low complexity
seacms CWE-79
6.1
6.1
2024-08-30 CVE-2024-44684 Cross-site Scripting vulnerability in Tpmecms 1.3.3.2
TpMeCMS 1.3.3.2 is vulnerable to Cross Site Scripting (XSS) in /h.php/page?ref=addtabs via the "Title," "Images," and "Content" fields.
network
low complexity
tpmecms CWE-79
6.1
6.1
2024-08-30 CVE-2024-45047 Cross-site Scripting vulnerability in Svelte
svelte performance oriented web framework.
network
low complexity
svelte CWE-79
6.1
6.1
2024-08-30 CVE-2024-7122 Cross-site Scripting vulnerability in Wpvibes Elementor Addon Elements
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
wpvibes CWE-79
5.4
5.4
2024-08-30 CVE-2024-8274 Cross-site Scripting vulnerability in Wpbookingcalendar WP Booking Calendar
The WP Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters from 'timeline_obj' in all versions up to, and including, 10.5 due to insufficient input sanitization and output escaping.
network
low complexity
wpbookingcalendar CWE-79
6.1
6.1