Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-22 | CVE-2024-37263 | Cross-site Scripting vulnerability in Themelooks Enter Addons Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeLooks Enter Addons enteraddons allows Stored XSS.This issue affects Enter Addons: from n/a through 2.1.6. | 5.4 |
| 2024-07-22 | CVE-2024-37416 | Cross-site Scripting vulnerability in Wppa WP Photo Album Plus Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in J.N. | 6.1 |
| 2024-07-22 | CVE-2024-41709 | Cross-site Scripting vulnerability in Backdropcms Backdrop Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. | 4.8 |
| 2024-07-22 | CVE-2024-5004 | Cross-site Scripting vulnerability in Cminds CM Popup The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks | 4.8 |
| 2024-07-22 | CVE-2024-5529 | Cross-site Scripting vulnerability in Holoborodko WP Quicklatex The WP QuickLaTeX WordPress plugin before 3.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
| 2024-07-22 | CVE-2024-6243 | Cross-site Scripting vulnerability in Ibericode Html Forms The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled. | 4.8 |
| 2024-07-21 | CVE-2024-37447 | Cross-site Scripting vulnerability in Pixelyoursite Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager allows Stored XSS.This issue affects PixelYourSite – Your smart PIXEL (TAG) Manager: from n/a through 9.6.1.1. | 4.8 |
| 2024-07-21 | CVE-2024-37459 | Cross-site Scripting vulnerability in Payplus Payment Gateway Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PayPlus LTD PayPlus Payment Gateway allows Reflected XSS.This issue affects PayPlus Payment Gateway: from n/a through 6.6.8. | 6.1 |
| 2024-07-21 | CVE-2024-37487 | Cross-site Scripting vulnerability in Wpdirectorykit WP Directory KIT Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpdirectorykit.Com WP Directory Kit allows Reflected XSS.This issue affects WP Directory Kit: from n/a through 1.3.5. | 6.1 |
| 2024-07-21 | CVE-2024-37537 | Cross-site Scripting vulnerability in Uusweb WS Contact Form Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UusWeb.Ee WS Contact Form allows Stored XSS.This issue affects WS Contact Form: from n/a through 1.3.7. | 5.4 |