Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-29 | CVE-2024-7606 | Cross-site Scripting vulnerability in Etoilewebdesign Front END Users The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user-search' shortcode in all versions up to, and including, 3.2.28 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-08-29 | CVE-2024-7895 | Cross-site Scripting vulnerability in Wpbeaveraddons Powerpack Lite for Beaver Builder The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 2.8.3.5 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-08-28 | CVE-2024-45046 | Cross-site Scripting vulnerability in PHPoffice PHPspreadsheet PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. | 5.4 |
| 2024-08-28 | CVE-2024-45057 | Cross-site Scripting vulnerability in Portabilis I-Educar i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. | 6.1 |
| 2024-08-28 | CVE-2024-43805 | Cross-site Scripting vulnerability in Jupyter Jupyterlab and Notebook jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. | 6.1 |
| 2024-08-28 | CVE-2024-6450 | Cross-site Scripting vulnerability in Hyperview Geoportal Toolkit HyperView Geoportal Toolkit in versions lower than 8.5.0 is vulnerable to Reflected Cross-Site Scripting (XSS). | 6.1 |
| 2024-08-28 | CVE-2024-7269 | Cross-site Scripting vulnerability in Connx ESP HR Management 4.4.0 Improper Neutralization of Input During Web Page Generation vulnerability in "Update of Personal Details" form in ConnX ESP HR Management allows Stored XSS attack. An attacker might inject a script to be run in user's browser. After multiple attempts to contact the vendor we did not receive any answer. | 5.4 |
| 2024-08-28 | CVE-2021-38122 | Cross-site Scripting vulnerability in Microfocus Netiq Advanced Authentication A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1 | 8.2 |
| 2024-08-28 | CVE-2024-4554 | Cross-site Scripting vulnerability in Microfocus Netiq Access Manager 5.0.2 Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack. This issue affects NetIQ Access Manager before 5.0.4.1 and 5.1. | 5.4 |
| 2024-08-27 | CVE-2022-39996 | Cross-site Scripting vulnerability in Teldat Rs123 Firmware and Rs123W Firmware Cross Site Scripting vulnerability in Teldats Router RS123, RS123w allows attacker to execute arbitrary code via the cmdcookie parameter to the upgrade/query.php page. | 4.8 |