Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-24 | CVE-2024-8738 | Cross-site Scripting vulnerability in Castos Seriously Simple Stats The Seriously Simple Stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. | 6.1 |
| 2024-09-23 | CVE-2024-8770 | Cross-site Scripting vulnerability in Github Enterprise Server A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program. | 6.1 |
| 2024-09-23 | CVE-2024-47068 | Cross-site Scripting vulnerability in Rollupjs Rollup Rollup is a module bundler for JavaScript. | 6.1 |
| 2024-09-23 | CVE-2024-47069 | Cross-site Scripting vulnerability in Oveleon Cookiebar Oveleon Cookie Bar is a cookie bar is for the Contao Open Source CMS and allows a visitor to define cookie & privacy settings for the website. | 6.1 |
| 2024-09-23 | CVE-2024-8758 | Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
| 2024-09-23 | CVE-2024-47227 | Cross-site Scripting vulnerability in Iredmail Iredadmin iRedAdmin before 2.6 allows XSS, e.g., via order_name. | 6.1 |
| 2024-09-23 | CVE-2024-9092 | Cross-site Scripting vulnerability in Rems Profile Registration Without Reload/Refresh 1.0 A vulnerability was found in SourceCodester Profile Registration without Reload Refresh 1.0. | 6.1 |
| 2024-09-23 | CVE-2024-9089 | Cross-site Scripting vulnerability in Mayurik Modern Loan Management System 1.0 A vulnerability was found in SourceCodester Modern Loan Management System 1.0 and classified as problematic. | 5.4 |
| 2024-09-22 | CVE-2024-9083 | Cross-site Scripting vulnerability in Razormist Employee Management System 1.0 A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. | 4.8 |
| 2024-09-22 | CVE-2024-9084 | Cross-site Scripting vulnerability in Code-Projects Blood Bank System 1.0 A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0. | 5.4 |