Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-08-20 CVE-2024-41697 Cross-site Scripting vulnerability in Priority-Software Priority 19.1.0.68/22.0
Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
network
low complexity
priority-software CWE-79
6.1
6.1
2024-08-20 CVE-2024-6864 Cross-site Scripting vulnerability in Sayandatta WP Last Modified Info
The WP Last Modified Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘template’ attribute of the lmt-post-modified-info shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping.
network
low complexity
sayandatta CWE-79
5.4
5.4
2024-08-20 CVE-2024-5763 Cross-site Scripting vulnerability in Posimyth the Plus Addons for Elementor
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_date attribute within the plugin's Video widget in all versions up to, and including, 5.6.2 due to insufficient input sanitization and output escaping.
network
low complexity
posimyth CWE-79
5.4
5.4
2024-08-20 CVE-2024-6575 Cross-site Scripting vulnerability in Posimyth the Plus Addons for Elementor
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘res_width_value’ parameter within the plugin's tp_page_scroll widget in all versions up to, and including, 5.6.2 due to insufficient input sanitization and output escaping.
network
low complexity
posimyth CWE-79
5.4
5.4
2024-08-20 CVE-2024-7775 Cross-site Scripting vulnerability in Bitapps Contact Form Builder
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9.
network
low complexity
bitapps CWE-79
4.8
4.8
2024-08-20 CVE-2024-7945 Cross-site Scripting vulnerability in Adonesevangelista Laravel Property Management System 1.0
A vulnerability was found in itsourcecode Laravel Property Management System 1.0.
network
low complexity
adonesevangelista CWE-79
5.4
5.4
2024-08-20 CVE-2024-7942 Cross-site Scripting vulnerability in Rems Leads Manager Tool 1.0
A vulnerability has been found in SourceCodester Leads Manager Tool 1.0 and classified as problematic.
network
low complexity
rems CWE-79
5.4
5.4
2024-08-19 CVE-2024-7929 Cross-site Scripting vulnerability in Oretnom23 Simple Forum Website 1.0
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Forum Website 1.0.
network
low complexity
oretnom23 CWE-79
6.1
6.1
2024-08-19 CVE-2024-23729 Cross-site Scripting vulnerability in Heytap Internet Browser 45.10.3.4.1
The ColorOS Internet Browser com.heytap.browser application 45.10.3.4.1 for Android allows a remote attacker to execute arbitrary JavaScript code via the com.android.browser.RealBrowserActivity component.
network
low complexity
heytap CWE-79
6.1
6.1
2024-08-19 CVE-2024-43400 Cross-site Scripting vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki CWE-79
5.4
5.4