Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-10-08 CVE-2024-8433 The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘themehunk_megamenu_bg_image' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-10-08 CVE-2024-8629 The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.3.7.
network
low complexity
CWE-79
6.1
6.1
2024-10-08 CVE-2024-8964 The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.2.9 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-10-08 CVE-2024-45278 Cross-site Scripting vulnerability in SAP Commerce Backoffice 2205/2211
SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
5.4
2024-10-08 CVE-2024-47594 Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal 7.50
SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet.
network
low complexity
sap CWE-79
5.4
5.4
2024-10-07 CVE-2024-47781 Cross-site Scripting vulnerability in Miraheze Createwiki 20220402
CreateWiki is an extension used at Miraheze for requesting & creating wikis.
network
low complexity
miraheze CWE-79
6.1
6.1
2024-10-07 CVE-2024-43362 Cross-site Scripting vulnerability in Cacti
Cacti is an open source performance and fault management framework.
network
low complexity
cacti CWE-79
5.4
5.4
2024-10-07 CVE-2024-43364 Cross-site Scripting vulnerability in Cacti
Cacti is an open source performance and fault management framework.
network
low complexity
cacti CWE-79
8.2
8.2
2024-10-07 CVE-2024-43365 Cross-site Scripting vulnerability in Cacti 1.2.27
Cacti is an open source performance and fault management framework.
network
low complexity
cacti CWE-79
8.2
8.2
2024-10-07 CVE-2024-45060 Cross-site Scripting vulnerability in PHPoffice PHPspreadsheet
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files.
network
low complexity
phpoffice CWE-79
6.1
6.1