Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-04 | CVE-2024-7453 | Cross-site Scripting vulnerability in Fastadmin 1.5.0.20240328 A vulnerability was found in FastAdmin 1.5.0.20240328. | 4.8 |
| 2024-08-03 | CVE-2024-7356 | Cross-site Scripting vulnerability in Zephyr-One Zephyr Project Manager The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘filename’ parameter in all versions up to, and including, 3.3.100 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-08-02 | CVE-2024-33893 | Cross-site Scripting vulnerability in Hms-Networks Ewon Cosy+ Firmware Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to XSS when displaying the logs due to improper input sanitization. | 6.1 |
| 2024-08-02 | CVE-2024-41519 | Cross-site Scripting vulnerability in Mecodia Feripro Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via "/admin/programm/<program_id>/zuordnung/veranstaltungen/<event_id>" through the "school" input field. | 5.4 |
| 2024-08-02 | CVE-2024-7204 | Cross-site Scripting vulnerability in AI3 Qbibot 8.0.9 Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. | 6.1 |
| 2024-08-02 | CVE-2024-4643 | Cross-site Scripting vulnerability in Bdthemes Element Pack The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘end_redirect_link’ parameter in versions up to, and including, 5.7.1 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-08-01 | CVE-2024-39626 | Cross-site Scripting vulnerability in 5Starplugins Pretty Simple Popup Builder Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 5 Star Plugins Pretty Simple Popup Builder allows Stored XSS.This issue affects Pretty Simple Popup Builder: from n/a through 1.0.7. | 4.8 |
| 2024-08-01 | CVE-2024-39627 | Cross-site Scripting vulnerability in Imagely Nextgen Gallery Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Imagely NextGEN Gallery allows Stored XSS.This issue affects NextGEN Gallery: from n/a through 3.59.3. | 4.8 |
| 2024-08-01 | CVE-2024-39629 | Cross-site Scripting vulnerability in Themegrill Himalayas Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeGrill Himalayas allows Stored XSS.This issue affects Himalayas: from n/a through 1.3.2. | 4.8 |
| 2024-08-01 | CVE-2024-39631 | Cross-site Scripting vulnerability in Contest-Gallery Contest Gallery Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Contest Gallery allows Stored XSS.This issue affects Contest Gallery: from n/a through 23.1.2. | 6.1 |