Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-15 | CVE-2022-1226 | Cross-site Scripting vulnerability in PHPipam A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. | 4.8 |
| 2024-11-15 | CVE-2023-0109 | Cross-site Scripting vulnerability in Usememos Memos 0.9.1 A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. | 5.4 |
| 2024-11-15 | CVE-2023-2332 | Cross-site Scripting vulnerability in Pimcore 10.5.19 A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. | 4.8 |
| 2024-11-15 | CVE-2024-0875 | Cross-site Scripting vulnerability in Open-Emr Openemr 7.0.1 A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. | 4.8 |
| 2024-11-15 | CVE-2024-11182 | Cross-site Scripting vulnerability in Mdaemon 5.0/5.0.6 An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. | 6.1 |
| 2024-11-15 | CVE-2024-1097 | Cross-site Scripting vulnerability in K5N Webcalendar 1.3.0 A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. | 5.4 |
| 2024-11-15 | CVE-2024-10825 | Cross-site Scripting vulnerability in Wpplugins Hide MY WP Ghost The Hide My WP Ghost – Security & Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL in all versions up to, and including, 5.3.01 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-11-15 | CVE-2024-8961 | Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nomore_items_text’ parameter in all versions up to, and including, 6.0.7 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-11-15 | CVE-2024-10113 | Cross-site Scripting vulnerability in Wpeka WP Adcenter The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpadcenter_ad shortcode in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-11-15 | CVE-2024-10260 | Cross-site Scripting vulnerability in Tripetto The Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 8.0.3 due to insufficient input sanitization and output escaping. | 6.1 |