Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-20 | CVE-2024-42335 | Cross-site Scripting vulnerability in 7-Twenty BOT 7Twenty - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 5.4 |
| 2024-08-20 | CVE-2024-41697 | Cross-site Scripting vulnerability in Priority-Software Priority 19.1.0.68/22.0 Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 6.1 |
| 2024-08-20 | CVE-2024-5576 | Cross-site Scripting vulnerability in Themeum Tutor LMS Elementor Addons The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'course_carousel_skin' attribute within the plugin's Course Carousel widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-08-20 | CVE-2024-6864 | Cross-site Scripting vulnerability in Sayandatta WP Last Modified Info The WP Last Modified Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘template’ attribute of the lmt-post-modified-info shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-08-20 | CVE-2024-5763 | Cross-site Scripting vulnerability in Posimyth the Plus Addons for Elementor The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_date attribute within the plugin's Video widget in all versions up to, and including, 5.6.2 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-08-20 | CVE-2024-6575 | Cross-site Scripting vulnerability in Posimyth the Plus Addons for Elementor The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘res_width_value’ parameter within the plugin's tp_page_scroll widget in all versions up to, and including, 5.6.2 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-08-20 | CVE-2024-7775 | Cross-site Scripting vulnerability in Bitapps Contact Form Builder The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. | 4.8 |
| 2024-08-20 | CVE-2024-7945 | Cross-site Scripting vulnerability in Adonesevangelista Laravel Property Management System 1.0 A vulnerability was found in itsourcecode Laravel Property Management System 1.0. | 5.4 |
| 2024-08-20 | CVE-2024-7942 | Cross-site Scripting vulnerability in Rems Leads Manager Tool 1.0 A vulnerability has been found in SourceCodester Leads Manager Tool 1.0 and classified as problematic. | 5.4 |
| 2024-08-19 | CVE-2024-7929 | Cross-site Scripting vulnerability in Oretnom23 Simple Forum Website 1.0 A vulnerability, which was classified as problematic, was found in SourceCodester Simple Forum Website 1.0. | 6.1 |