Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-09-28 CVE-2024-8788 Cross-site Scripting vulnerability in Wpfactory Eu/Uk VAT Manager for Woocommerce
The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.11.
network
low complexity
wpfactory CWE-79
6.1
6.1
2024-09-28 CVE-2024-9023 Cross-site Scripting vulnerability in Axton Wp-Webauthn
The WP-WebAuthn plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wwa_login_form shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
axton CWE-79
5.4
5.4
2024-09-27 CVE-2024-46453 Cross-site Scripting vulnerability in Honeywell Iq3Xcite Firmware
A cross-site scripting (XSS) vulnerability in the component /test/ of iq3xcite v2.31 to v3.05 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
network
low complexity
honeywell CWE-79
6.1
6.1
2024-09-27 CVE-2024-47186 Cross-site Scripting vulnerability in Filamentphp Filament
Filament is a collection of full-stack components for Laravel development.
network
low complexity
filamentphp CWE-79
6.1
6.1
2024-09-27 CVE-2024-9291 Cross-site Scripting vulnerability in Kvf-Admin Project Kvf-Admin 20220212
A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff.
network
low complexity
kvf-admin-project CWE-79
5.4
5.4
2024-09-27 CVE-2024-25412 Cross-site Scripting vulnerability in Flatpress
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field.
network
low complexity
flatpress CWE-79
6.1
6.1
2024-09-27 CVE-2024-38308 Cross-site Scripting vulnerability in Advantech Adam 5550-Firmware
Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user.
network
low complexity
advantech CWE-79
6.1
6.1
2024-09-27 CVE-2024-40510 Cross-site Scripting vulnerability in Openpetra 2023.02
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMCommon.asmx function.
network
low complexity
openpetra CWE-79
8.2
8.2
2024-09-27 CVE-2024-47184 Cross-site Scripting vulnerability in Ampache
Ampache is a web based audio/video streaming application and file manager.
network
low complexity
ampache CWE-79
4.8
4.8
2024-09-27 CVE-2024-8608 Cross-site Scripting vulnerability in Oceanicsoft Valeapp
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Oceanic Software ValeApp allows Stored XSS.This issue affects ValeApp: before v2.0.0.
network
low complexity
oceanicsoft CWE-79
5.4
5.4