Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-17 | CVE-2024-8907 | Cross-site Scripting vulnerability in Google Chrome Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. | 6.1 |
2024-09-17 | CVE-2024-8951 | Cross-site Scripting vulnerability in Oretnom23 Resort Reservation System 1.0 A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. | 6.1 |
2024-09-17 | CVE-2024-45803 | Cross-site Scripting vulnerability in Wireui Wire UI is a library of components and resources to empower Laravel and Livewire application development. | 6.1 |
2024-09-17 | CVE-2024-8660 | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS versions 9.0.0 through 9.3.3 are affected by a stored XSS vulnerability in the "Top Navigator Bar" block. Since the "Top Navigator Bar" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the home page. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N (https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N). | 4.8 |
2024-09-17 | CVE-2024-38380 | Cross-site Scripting vulnerability in Millbeckcommunications Proroute H685T-W Firmware 3.2.334 This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session. | 5.4 |
2024-09-17 | CVE-2021-27915 | Cross-site Scripting vulnerability in Acquia Mautic Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged-in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system. | 9.0 |
2024-09-17 | CVE-2024-38860 | Cross-site Scripting vulnerability in Checkmk 2.2.0/2.3.0 Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks. | 6.1 |
2024-09-17 | CVE-2024-5170 | Cross-site Scripting vulnerability in Wp-Master Logo Manager for Enamad The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape its widget settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). | 4.8 |
2024-09-17 | CVE-2024-40857 | Cross-site Scripting vulnerability in Apple products This issue was addressed through improved state management. | 6.1 |
2024-09-16 | CVE-2024-32034 | Cross-site Scripting vulnerability in Decidim decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. | 4.8 |