Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-08-23 | CVE-2024-5502 | Cross-site Scripting vulnerability in Piotnet Addons | The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and Vertical Timeline widgets in all versions up to, and including, 2.4.30 due to insufficient input sanitization and output escaping on user supplied attributes. | network | low complexity | piotnet | CWE-79 | 5.4 |
| 2024-08-22 | CVE-2024-38208 | Cross-site Scripting vulnerability in Microsoft Edge | Microsoft Edge for Android Spoofing Vulnerability | network | low complexity | microsoft | CWE-79 | 6.1 |
| 2024-08-22 | CVE-2024-8084 | Cross-site Scripting vulnerability in Oretnom23 Online Computer and Laptop Store 1.0 | A vulnerability, which was classified as problematic, was found in SourceCodester Online Computer and Laptop Store 1.0. | network | low complexity | oretnom23 | CWE-79 | 4.8 |
| 2024-08-22 | CVE-2024-6870 | Cross-site Scripting vulnerability in Dfactory Responsive Lightbox | The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping affecting the rl_upload_image AJAX endpoint. | network | low complexity | dfactory | CWE-79 | 5.4 |
| 2024-08-22 | CVE-2024-7778 | Cross-site Scripting vulnerability in Themeisle Orbit FOX | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36 due to insufficient input sanitization and output escaping. | network | low complexity | themeisle | CWE-79 | 5.4 |
| 2024-08-22 | CVE-2024-5583 | Cross-site Scripting vulnerability in Posimyth the Plus Addons for Elementor | The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel_direction parameter of testimonials widget in all versions up to, and including, 5.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. | network | low complexity | posimyth | CWE-79 | 5.4 |
| 2024-08-21 | CVE-2024-20488 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager | A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. | network | low complexity | cisco | CWE-79 | 6.1 |
| 2024-08-21 | CVE-2024-41572 | Cross-site Scripting vulnerability in Lang-Learn-Guy Learning With Texts 2.0.3 | Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site Scripting (XSS). | network | low complexity | lang-learn-guy | CWE-79 | 6.1 |
| 2024-08-21 | CVE-2024-41675 | Cross-site Scripting vulnerability in Okfn Ckan | CKAN is an open-source data management system for powering data hubs and data portals. | network | low complexity | okfn | CWE-79 | 6.1 |
| 2024-08-21 | CVE-2024-43407 | Cross-site Scripting vulnerability in Ckeditor 4.0/4.23.0/4.24.0 | CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. | network | low complexity | ckeditor | CWE-79 | 6.1 |