Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-08-22 CVE-2024-38208 Cross-site Scripting vulnerability in Microsoft Edge
Microsoft Edge for Android Spoofing Vulnerability
network
low complexity
microsoft CWE-79
6.1
2024-08-22 CVE-2024-8084 Cross-site Scripting vulnerability in Oretnom23 Online Computer and Laptop Store 1.0
A vulnerability, which was classified as problematic, was found in SourceCodester Online Computer and Laptop Store 1.0.
network
low complexity
oretnom23 CWE-79
4.8
2024-08-22 CVE-2024-6870 Cross-site Scripting vulnerability in Dfactory Responsive Lightbox
The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping affecting the rl_upload_image AJAX endpoint.
network
low complexity
dfactory CWE-79
5.4
2024-08-22 CVE-2024-7778 Cross-site Scripting vulnerability in Themeisle Orbit FOX
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36 due to insufficient input sanitization and output escaping.
network
low complexity
themeisle CWE-79
5.4
2024-08-22 CVE-2024-5583 Cross-site Scripting vulnerability in Posimyth the Plus Addons for Elementor
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel_direction parameter of testimonials widget in all versions up to, and including, 5.6.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
posimyth CWE-79
5.4
2024-08-21 CVE-2024-20488 Cross-site Scripting vulnerability in Cisco Unified Communications Manager
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.
network
low complexity
cisco CWE-79
6.1
2024-08-21 CVE-2024-41572 Cross-site Scripting vulnerability in Lang-Learn-Guy Learning With Texts 2.0.3
Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site Scripting (XSS).
network
low complexity
lang-learn-guy CWE-79
6.1
2024-08-21 CVE-2024-41675 Cross-site Scripting vulnerability in Okfn Ckan
CKAN is an open-source data management system for powering data hubs and data portals.
network
low complexity
okfn CWE-79
6.1
2024-08-21 CVE-2024-43407 Cross-site Scripting vulnerability in Ckeditor 4.0/4.23.0/4.24.0
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.
network
low complexity
ckeditor CWE-79
6.1
2024-08-21 CVE-2020-11850 Cross-site Scripting vulnerability in Microfocus Netiq Self Service Password Reset
Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6.
network
low complexity
microfocus CWE-79
6.1