Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-31 | CVE-2024-3886 | Cross-site Scripting vulnerability in Tagdiv Composer 4.2/4.4 The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_check_envato_code function. | 6.1 |
| 2024-08-31 | CVE-2024-5212 | Cross-site Scripting vulnerability in Tagdiv Composer 4.2/4.4 The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_register_forum_user function. | 6.1 |
| 2024-08-30 | CVE-2024-44682 | Cross-site Scripting vulnerability in Shopxo 6.2.0 ShopXO 6.2 is vulnerable to Cross Site Scripting (XSS) in the backend that allows attackers to execute code by changing POST parameters. | 6.1 |
| 2024-08-30 | CVE-2024-44683 | Cross-site Scripting vulnerability in Seacms 13.0 Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php. | 6.1 |
| 2024-08-30 | CVE-2024-44684 | Cross-site Scripting vulnerability in Tpmecms 1.3.3.2 TpMeCMS 1.3.3.2 is vulnerable to Cross Site Scripting (XSS) in /h.php/page?ref=addtabs via the "Title," "Images," and "Content" fields. | 6.1 |
| 2024-08-30 | CVE-2024-45047 | Cross-site Scripting vulnerability in Svelte svelte performance oriented web framework. | 6.1 |
| 2024-08-30 | CVE-2024-7122 | Cross-site Scripting vulnerability in Wpvibes Elementor Addon Elements The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-08-30 | CVE-2024-8274 | Cross-site Scripting vulnerability in Wpbookingcalendar WP Booking Calendar The WP Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters from 'timeline_obj' in all versions up to, and including, 10.5 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-08-30 | CVE-2024-34577 | Cross-site Scripting vulnerability in Elecom products Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B due to improper processing of input values in easysetup.cgi. | 6.1 |
| 2024-08-30 | CVE-2024-42412 | Cross-site Scripting vulnerability in Elecom Wab-I1750-Ps Firmware and Wab-S1167-Ps Firmware Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. | 6.1 |