Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| Date | CVE | Vulnerability title | Description | Vendor | CWE | Attack vector | Complexity | Risk |
|---|---|---|---|---|---|---|---|---|
| 2024-07-31 | CVE-2024-7303 | Cross-site Scripting vulnerability in Adonesevangelista Online Blood Bank Management System 1.0 | A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. | adonesevangelista | CWE-79 | network | low complexity | 5.4 |
| 2024-07-31 | CVE-2024-7285 | Cross-site Scripting vulnerability in Oretnom23 Establishment Billing Management System 1.0 | A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as problematic. | oretnom23 | CWE-79 | network | low complexity | 5.4 |
| 2024-07-31 | CVE-2024-7284 | Cross-site Scripting vulnerability in Oretnom23 LOT Reservation Management System 1.0 | A vulnerability, which was classified as problematic, was found in SourceCodester Lot Reservation Management System 1.0. | oretnom23 | CWE-79 | network | low complexity | 5.4 |
| 2024-07-30 | CVE-2024-37165 | Cross-site Scripting vulnerability in Discourse | Discourse is an open source discussion platform. | discourse | CWE-79 | network | low complexity | 6.1 |
| 2024-07-30 | CVE-2024-7127 | Cross-site Scripting vulnerability in Stackposts Social Marketing Tool | Improper Neutralization of Input During Web Page Generation vulnerability in Stackposts Social Marketing Tool allows Cross-site Scripting (XSS) attack. By submitting the payload in the username during registration, it can be executed later in the application panel. | stackposts | CWE-79 | network | low complexity | 6.1 |
| 2024-07-30 | CVE-2024-7100 | Cross-site Scripting vulnerability in Bold-Themes Bold Page Builder | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_button shortcode in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. | bold-themes | CWE-79 | network | low complexity | 5.4 |
| 2024-07-30 | CVE-2024-3986 | Cross-site Scripting vulnerability in Themeboy Sportspress | The SportsPress WordPress plugin before 2.7.22 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | themeboy | CWE-79 | network | low complexity | 4.8 |
| 2024-07-30 | CVE-2024-7218 | Cross-site Scripting vulnerability in Oretnom23 School LOG Management System 1.0 | A vulnerability was found in SourceCodester School Log Management System 1.0. | oretnom23 | CWE-79 | network | low complexity | 6.1 |
| 2024-07-29 | CVE-2024-40785 | Cross-site Scripting vulnerability in Apple products | This issue was addressed with improved checks. | apple | CWE-79 | network | low complexity | 6.1 |
| 2024-07-29 | CVE-2024-37856 | Cross-site Scripting vulnerability in Oretnom23 Lost and Found Information System 1.0 | Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page. | oretnom23 | CWE-79 | network | low complexity | 5.4 |