Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE	CVE	VULNERABILITY TITLE	RISK
2024-10-23	CVE-2024-20341	Cross-site Scripting vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a browser that is accessing an affected device. network low complexity cisco CWE-79	6.1
2024-10-23	CVE-2024-10250	Cross-site Scripting vulnerability in Steelthemes Nioland The Nioland theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. network low complexity steelthemes CWE-79	6.1
2024-10-23	CVE-2024-10286	Cross-site Scripting vulnerability in Ujangrohidin Localserver 1.0.9 Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /testmail/index.php, parameter to. network low complexity ujangrohidin CWE-79	6.1
2024-10-23	CVE-2024-10287	Cross-site Scripting vulnerability in Ujangrohidin Localserver 1.0.9 Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ForgotPassword, parameter ListName. network low complexity ujangrohidin CWE-79	6.1
2024-10-23	CVE-2024-10288	Cross-site Scripting vulnerability in Ujangrohidin Localserver 1.0.9 Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/SubscribeToList, parameter ListName. network low complexity ujangrohidin CWE-79	6.1
2024-10-23	CVE-2024-10289	Cross-site Scripting vulnerability in Ujangrohidin Localserver 1.0.9 Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ManageSubscription, parameter MSubListName. network low complexity ujangrohidin CWE-79	6.1
2024-10-23	CVE-2024-8500	Cross-site Scripting vulnerability in Getshortcodes Shortcodes Ultimate The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 7.2.2 due to insufficient input sanitization and output escaping. network low complexity getshortcodes CWE-79	5.4
2024-10-22	CVE-2024-48415	Cross-site Scripting vulnerability in Razormist Loan Management System 1.0 itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters in new borrowers functionality on the Borrowers page. local low complexity razormist CWE-79	5.0
2024-10-22	CVE-2024-48652	Cross-site Scripting vulnerability in Tuzitio Camaleon CMS 2.7.5 Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field. network low complexity tuzitio CWE-79	4.8
2024-10-22	CVE-2024-48656	Cross-site Scripting vulnerability in Angeljudesuarez Student Management System 1.0 Cross Site Scripting vulnerability in student management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. network low complexity angeljudesuarez CWE-79	4.8