Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-12 | CVE-2024-10790 | The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.5.1 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-11-12 | CVE-2024-9357 | The xili-tidy-tags plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.12.04 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-11-12 | CVE-2024-10538 | Cross-site Scripting vulnerability in Leevio Happy Addons for Elementor The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the before_label parameter in the Image Comparison widget in all versions up to, and including, 3.12.5 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-11-12 | CVE-2024-10685 | Cross-site Scripting vulnerability in Wpplugin Contact Form 7 Redirect & Thank YOU Page The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-11-12 | CVE-2024-11102 | Cross-site Scripting vulnerability in Mayurik Hospital Management System 1.0 A vulnerability was found in SourceCodester Hospital Management System 1.0. | 4.8 |
| 2024-11-11 | CVE-2024-51486 | Cross-site Scripting vulnerability in Ampache 7.0.0 Ampache is a web based audio/video streaming application and file manager. | 8.4 |
| 2024-11-11 | CVE-2024-51490 | Cross-site Scripting vulnerability in Ampache 7.0.0 Ampache is a web based audio/video streaming application and file manager. | 9.0 |
| 2024-11-11 | CVE-2024-45087 | Cross-site Scripting vulnerability in IBM Websphere Application Server 8.5/9.0 IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. | 4.8 |
| 2024-11-11 | CVE-2024-45088 | Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.1.3 IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. | 5.4 |
| 2024-11-11 | CVE-2024-11021 | Cross-site Scripting vulnerability in Vice Webopac 7.1.20160701 Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. | 5.4 |