Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-24 | CVE-2024-22444 | Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator A vulnerability within the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
| 2024-07-24 | CVE-2024-31971 | Cross-site Scripting vulnerability in Adtran Netvanta 3120 Firmware 18.01.01.00.E Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices allow remote attackers to inject arbitrary JavaScript, as demonstrated by /mainPassword.html, /processIdentity.html, /public.html, /dhcp.html, /private.html, /hostname.html, /connectivity.html, /NetworkMonitor.html, /trafficMonitoringConfig.html, and /wizardMain.html. | 4.8 |
| 2024-07-24 | CVE-2024-41914 | Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. | 9.0 |
| 2024-07-24 | CVE-2024-7068 | Cross-site Scripting vulnerability in Insurance Management System Project Insurance Management System 1.0 A vulnerability classified as problematic has been found in SourceCodester Insurance Management System 1.0. | 4.6 |
| 2024-07-24 | CVE-2024-3896 | Cross-site Scripting vulnerability in Robogallery Robo Gallery The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the Gallery title field in all versions up to, and including, 3.2.19 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-07-24 | CVE-2024-5818 | Cross-site Scripting vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored DOM-based Cross-Site Scripting via the plugin's Magazine Grid/Slider widget in all versions up to, and including, 1.3.980 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-07-24 | CVE-2024-6896 | Cross-site Scripting vulnerability in Ampforwp Accelerated Mobile Pages The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.96.1 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-07-24 | CVE-2024-6930 | Cross-site Scripting vulnerability in Wpbookingcalendar Booking Calendar The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plugin's bookingform shortcode in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-07-24 | CVE-2024-6629 | Cross-site Scripting vulnerability in Plugins360 All-In-One Video Gallery The All-in-One Video Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video shortcode in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-07-24 | CVE-2024-6094 | Cross-site Scripting vulnerability in Technowich WP Ulike The WP ULike WordPress plugin before 4.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |