Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-13 | CVE-2024-49505 | Cross-site Scripting vulnerability in Opensuse Mirrorcache A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of arbitrary JS via reflected XSS in the REGEX and P parameters. This issue affects MirrorCache before 1.083. | 6.1 |
| 2024-11-13 | CVE-2024-9477 | Cross-site Scripting vulnerability in Airties Air4443 Firmware Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS).This issue affects Air4443 Firmware: through 14102024. NOTE: The vendor was contacted and it was learned that the product classified as End-of-Life and End-of-Support. | 6.1 |
| 2024-11-13 | CVE-2024-9059 | Cross-site Scripting vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-11-13 | CVE-2024-9668 | Cross-site Scripting vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-11-13 | CVE-2024-9682 | Cross-site Scripting vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form Builder widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-11-13 | CVE-2024-10877 | Cross-site Scripting vulnerability in Advancedformintegration Advanced Form Integration The AFI – The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.92.0. | 6.1 |
| 2024-11-13 | CVE-2024-52268 | Cross-site Scripting vulnerability in Vektor-Inc VK ALL in ONE Expansion Unit Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. | 4.8 |
| 2024-11-13 | CVE-2024-10684 | Cross-site Scripting vulnerability in Kognetiks Chatbot The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dir' parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-11-13 | CVE-2024-10882 | The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.8.0. | 6.1 |
| 2024-11-13 | CVE-2024-10686 | The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'style_scheme' parameter in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. | 6.1 |