Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-11-13 CVE-2024-10850 The Razorpay Payment Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5.
network
low complexity
CWE-79
6.1
6.1
2024-11-13 CVE-2024-10851 The Razorpay Payment Button Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.6.
network
low complexity
CWE-79
6.1
6.1
2024-11-13 CVE-2024-10887 The NiceJob plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes (nicejob-lead, nicejob-review, nicejob-engage, nicejob-badge, nicejob-stories) in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-11-13 CVE-2024-8874 The AJAX Login and Registration modal popup + inline form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.24.
network
low complexity
CWE-79
6.1
6.1
2024-11-13 CVE-2024-8985 The Social Proof (Testimonial) Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spslider-block shortcode in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-11-13 CVE-2024-9614 The Constant Contact Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2.
network
low complexity
CWE-79
6.1
6.1
2024-11-12 CVE-2024-28730 Cross-site Scripting vulnerability in Dlink Dwr-2000M Firmware 1.34Me
Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the file upload feature of the VPN configuration module.
network
low complexity
dlink CWE-79
5.4
5.4
2024-11-12 CVE-2024-51093 Cross-site Scripting vulnerability in Snipeitapp Snipe-It 7.0.13
Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code.
network
low complexity
snipeitapp CWE-79
8.7
8.7
2024-11-12 CVE-2024-11130 Cross-site Scripting vulnerability in Zzcms
A vulnerability was found in ZZCMS up to 2023.
network
low complexity
zzcms CWE-79
4.8
4.8
2024-11-12 CVE-2024-36140 Cross-site Scripting vulnerability in Siemens Ozw672 Firmware and Ozw772 Firmware
A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2).
network
low complexity
siemens CWE-79
5.4
5.4