Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-09-15 CVE-2024-45460 Cross-site Scripting vulnerability in Info-D-74 Flipping Cards
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Manu225 Flipping Cards allows Stored XSS.This issue affects Flipping Cards: from n/a through 1.30.
network
low complexity
info-d-74 CWE-79
4.8
4.8
2024-09-15 CVE-2024-8867 Cross-site Scripting vulnerability in Perfexcrm Perfex CRM 3.1.6
A vulnerability was found in Perfex CRM 3.1.6.
network
low complexity
perfexcrm CWE-79
5.4
5.4
2024-09-15 CVE-2024-8866 Cross-site Scripting vulnerability in Autocms Project Autocms 5.4
A vulnerability was found in AutoCMS 5.4.
network
low complexity
autocms-project CWE-79
6.1
6.1
2024-09-14 CVE-2024-8863 Cross-site Scripting vulnerability in Aimstack AIM
A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24.
network
low complexity
aimstack CWE-79
5.4
5.4
2024-09-14 CVE-2023-3410 Cross-site Scripting vulnerability in Bricksbuilder Bricks
The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping.
network
low complexity
bricksbuilder CWE-79
5.4
5.4
2024-09-14 CVE-2024-8797 Cross-site Scripting vulnerability in Wpbookingsystem WP Booking System
The WP Booking System – Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.19.8.
network
low complexity
wpbookingsystem CWE-79
6.1
6.1
2024-09-14 CVE-2024-8724 Cross-site Scripting vulnerability in Xootix Waitlist Woocommerce
The Waitlist Woocommerce ( Back in stock notifier ) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.5.
network
low complexity
xootix CWE-79
6.1
6.1
2024-09-13 CVE-2024-8783 Cross-site Scripting vulnerability in Opentibiabr Myaac
A vulnerability classified as problematic has been found in OpenTibiaBR MyAAC up to 0.8.16.
network
low complexity
opentibiabr CWE-79
5.4
5.4
2024-09-13 CVE-2024-31414 Cross-site Scripting vulnerability in Eaton Foreseer Electrical Power Monitoring System
The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages.
network
low complexity
eaton CWE-79
6.1
6.1
2024-09-13 CVE-2024-44798 Cross-site Scripting vulnerability in Anujk305 BUS Pass Management System 1.0
phpgurukul Bus Pass Management System 1.0 is vulnerable to Cross-site scripting (XSS) in /admin/pass-bwdates-reports-details.php via fromdate and todate parameters.
network
low complexity
anujk305 CWE-79
4.8
4.8