Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-06 | CVE-2024-27125 | Cross-site Scripting vulnerability in Qnap Helpdesk A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. | 4.8 |
| 2024-09-06 | CVE-2024-27126 | Cross-site Scripting vulnerability in Qnap Notes Station 3 A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. | 5.4 |
| 2024-09-06 | CVE-2024-32762 | Cross-site Scripting vulnerability in Qnap Qulog Center A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. | 6.1 |
| 2024-09-06 | CVE-2024-38640 | Cross-site Scripting vulnerability in Qnap Download Station A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. | 5.4 |
| 2024-09-06 | CVE-2024-44837 | Cross-site Scripting vulnerability in Deathbreak Drug 1.0 A cross-site scripting (XSS) vulnerability in the component \bean\Manager.java of Drug v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user parameter. | 5.4 |
| 2024-09-06 | CVE-2024-7599 | Cross-site Scripting vulnerability in Wpcodeus Advanced Sermons The Advanced Sermons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sermon_video_embed’ parameter in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-06 | CVE-2024-7611 | Cross-site Scripting vulnerability in Themelooks Enter Addons The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute of the Events Card widget in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-09-06 | CVE-2024-8317 | Cross-site Scripting vulnerability in Wpeka WP Adcenter The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ad_alignment’ attribute in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-06 | CVE-2024-45400 | Cross-site Scripting vulnerability in Mlewand Open Link ckeditor-plugin-openlink is a plugin for the CKEditor JavaScript text editor that extends the context menu with a possibility to open a link in a new tab. | 6.1 |
| 2024-09-05 | CVE-2024-44728 | Cross-site Scripting vulnerability in Angeljudesuarez Event Management System 1.0 Sourcecodehero Event Management System 1.0 allows Stored Cross-Site Scripting via parameters Full Name, Address, Email, and contact# in /clientdetails/admin/regester.php. | 6.1 |