Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE	CVE	VULNERABILITY TITLE	RISK
2024-08-30	CVE-2024-34577	Cross-site Scripting vulnerability in Elecom products Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B due to improper processing of input values in easysetup.cgi. network low complexity elecom CWE-79	6.1
2024-08-30	CVE-2024-42412	Cross-site Scripting vulnerability in Elecom Wab-I1750-Ps Firmware and Wab-S1167-Ps Firmware Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. network low complexity elecom CWE-79	6.1
2024-08-30	CVE-2024-3998	Cross-site Scripting vulnerability in Muffingroup Betheme 26.5.1.4/26.6/26.6.1 The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity muffingroup CWE-79	5.4
2024-08-30	CVE-2024-5879	Cross-site Scripting vulnerability in Hubspot The HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute of the HubSpot Meeting Widget in all versions up to, and including, 11.1.22 due to insufficient input sanitization and output escaping. network low complexity hubspot CWE-79	5.4
2024-08-30	CVE-2024-4401	Cross-site Scripting vulnerability in Wpvibes Elementor Addon Elements The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ and 'eae_slider_animation' parameters in all versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. network low complexity wpvibes CWE-79	5.4
2024-08-30	CVE-2024-5024	Cross-site Scripting vulnerability in Memberpress The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mepr_screenname' and 'mepr_key' parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. network low complexity memberpress CWE-79	6.1
2024-08-30	CVE-2024-5061	Cross-site Scripting vulnerability in Kriesi Enfold The Enfold - Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wrapper_class’ and 'class' parameters in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping. network low complexity kriesi CWE-79	5.4
2024-08-30	CVE-2024-8328	Cross-site Scripting vulnerability in Easy Test Online Learning and Testing Platform Project Easy Test Online Learning and Testing Platform Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary JavaScript code and perform Reflected Cross-site scripting attacks. network low complexity easy-test-online-learning-and-testing-platform-project CWE-79	5.4
2024-08-29	CVE-2024-41349	Cross-site Scripting vulnerability in Cdevroe Unmark 1.9.2 unmark 1.9.2 is vulnerable to Cross Site Scripting (XSS) via application/views/marks/add_by_url.php. network low complexity cdevroe CWE-79	6.1
2024-08-29	CVE-2024-41345	Cross-site Scripting vulnerability in Jpatokal Openflights 20240820 openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/trip.php network low complexity jpatokal CWE-79	5.4