Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-30 | CVE-2024-8283 | Cross-site Scripting vulnerability in 10Web Slider The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
| 2024-09-30 | CVE-2024-8536 | Cross-site Scripting vulnerability in Dotcamp Ultimate Blocks The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 |
| 2024-09-29 | CVE-2024-9323 | Cross-site Scripting vulnerability in Mayurik Free and Open Source Inventory Management System 1.0 A vulnerability was found in SourceCodester Inventory Management System 1.0. | 5.4 |
| 2024-09-29 | CVE-2024-9320 | Cross-site Scripting vulnerability in Rems Online Timesheet APP 1.0 A vulnerability has been found in SourceCodester Online Timesheet App 1.0 and classified as problematic. | 5.4 |
| 2024-09-28 | CVE-2024-9300 | Cross-site Scripting vulnerability in Oretnom23 Railway Reservation System 1.0 A vulnerability classified as problematic was found in SourceCodester Online Railway Reservation System 1.0. | 6.1 |
| 2024-09-28 | CVE-2024-9299 | Cross-site Scripting vulnerability in Oretnom23 Railway Reservation System 1.0 A vulnerability classified as problematic has been found in SourceCodester Online Railway Reservation System 1.0. | 5.4 |
| 2024-09-28 | CVE-2024-8189 | Cross-site Scripting vulnerability in Ngothang WP Multitasking The WP MultiTasking – WP Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpmt_menu_name’ parameter in all versions up to, and including, 0.1.17 due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-09-28 | CVE-2024-8712 | Cross-site Scripting vulnerability in Stape GTM Server Side The GTM Server Side plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.19. | 6.1 |
| 2024-09-28 | CVE-2024-8715 | Cross-site Scripting vulnerability in Objectiv Simple Ldap Login The Simple LDAP Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. | 6.1 |
| 2024-09-28 | CVE-2024-8547 | Cross-site Scripting vulnerability in Garrettgrimm Simple Popup Plugin 4.5 The Simple Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [popup] shortcode in all versions up to, and including, 4.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |