Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-21 | CVE-2024-6339 | Cross-site Scripting vulnerability in Averta Phlox The Phlox PRO theme for WordPress is vulnerable to Reflected Cross-Site Scripting via search parameters in all versions up to, and including, 5.16.4 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-08-21 | CVE-2024-7629 | Cross-site Scripting vulnerability in Kirstyburgoine Responsive Video 1.0 The Responsive video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's video settings function in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-08-21 | CVE-2024-42939 | Cross-site Scripting vulnerability in Yzncms 1.4.2 A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field. | 5.4 |
| 2024-08-20 | CVE-2024-41658 | Cross-site Scripting vulnerability in Casbin Casdoor Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. | 6.1 |
| 2024-08-20 | CVE-2024-43396 | Cross-site Scripting vulnerability in Khoj Khoj is an application that creates personal AI agents. | 5.4 |
| 2024-08-20 | CVE-2024-35540 | Cross-site Scripting vulnerability in Typecho A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 9.0 |
| 2024-08-20 | CVE-2024-39094 | Cross-site Scripting vulnerability in Friendica 2024.03 Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters. | 5.4 |
| 2024-08-20 | CVE-2024-6378 | Cross-site Scripting vulnerability in 3DS 3Dexperience R2022X/R2023X A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | 5.4 |
| 2024-08-20 | CVE-2024-6379 | Cross-site Scripting vulnerability in 3DS 3Dexperience R2022X/R2023X A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | 6.1 |
| 2024-08-20 | CVE-2024-42335 | Cross-site Scripting vulnerability in 7-Twenty BOT 7Twenty - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 5.4 |