Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-27 | CVE-2024-6627 | Cross-site Scripting vulnerability in Leevio Happy Addons for Elementor The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's PDF View widget in all versions up to, and including, 3.11.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-07-25 | CVE-2024-3938 | Cross-site Scripting vulnerability in Dotcms The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. | 6.1 |
| 2024-07-25 | CVE-2024-41809 | Cross-site Scripting vulnerability in Openobserve OpenObserve is an open-source observability platform. | 6.1 |
| 2024-07-25 | CVE-2024-41808 | Cross-site Scripting vulnerability in Openobserve The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. | 5.4 |
| 2024-07-25 | CVE-2024-40873 | Cross-site Scripting vulnerability in Absolute Secure Access There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.07. Attackers with system administrator permissions can interfere with another system administrator’s use of the publishing UI when the administrators are editing the same management object. | 3.4 |
| 2024-07-25 | CVE-2024-41705 | Cross-site Scripting vulnerability in Archerirm Archer A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. | 5.4 |
| 2024-07-25 | CVE-2024-41706 | Cross-site Scripting vulnerability in Archerirm Archer A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. | 5.4 |
| 2024-07-25 | CVE-2024-41707 | Cross-site Scripting vulnerability in Archerirm Archer An issue was discovered in Archer Platform 6 before 2024.06. | 5.4 |
| 2024-07-25 | CVE-2024-7047 | Cross-site Scripting vulnerability in Gitlab A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary scripts under the context of the current logged in user. | 5.4 |
| 2024-07-24 | CVE-2024-41662 | Cross-site Scripting vulnerability in Vnote Project Vnote VNote is a note-taking platform. | 9.6 |