Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-19 | CVE-2024-8364 | Cross-site Scripting vulnerability in Webhammer WP Custom Fields Search The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode in all versions up to, and including, 1.2.35 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-09-19 | CVE-2024-8850 | Cross-site Scripting vulnerability in Ibericode Mailchimp The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email' parameter when a placeholder such as {email} is used for the field in versions 4.9.9 to 4.9.16 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-09-18 | CVE-2021-27917 | Cross-site Scripting vulnerability in Acquia Mautic Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report. | 5.4 |
| 2024-09-18 | CVE-2024-46372 | Cross-site Scripting vulnerability in Dedecms 5.7.115 DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) via the advertisement code box in the advertisement management module. | 6.1 |
| 2024-09-18 | CVE-2024-47050 | Cross-site Scripting vulnerability in Acquia Mautic Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable. | 6.1 |
| 2024-09-18 | CVE-2024-47058 | Cross-site Scripting vulnerability in Acquia Mautic With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. | 4.8 |
| 2024-09-18 | CVE-2024-43024 | Cross-site Scripting vulnerability in RWS Multitrans Multiple stored cross-site scripting (XSS) vulnerabilities in RWS MultiTrans v7.0.23324.2 and earlier allow attackers to execute arbitrary web scripts or HTML via a crafted payload. | 6.1 |
| 2024-09-18 | CVE-2024-43025 | Cross-site Scripting vulnerability in RWS Multitrans An HTML injection vulnerability in RWS MultiTrans v7.0.23324.2 and earlier allows attackers to alter the HTML-layout and possibly execute a phishing attack via a crafted payload injected into a sent e-mail. | 6.1 |
| 2024-09-18 | CVE-2022-25774 | Cross-site Scripting vulnerability in Acquia Mautic Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic. Users could inject malicious code into the notification when saving Dashboards. | 5.4 |
| 2024-09-18 | CVE-2024-5959 | Cross-site Scripting vulnerability in Elizsoftware Panel Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Stored XSS.This issue affects Panel: before v2.3.24. | 5.4 |