Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-29 | CVE-2024-6124 | Cross-site Scripting vulnerability in M-Files Hubshare 3.3.10.9/3.3.11.3 Reflected XSS in M-Files Hubshare before version 5.0.6.0 allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser session | 5.4 |
| 2024-07-29 | CVE-2024-6881 | Cross-site Scripting vulnerability in M-Files Hubshare 3.3.10.9/3.3.11.3 Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user's browser session | 5.4 |
| 2024-07-28 | CVE-2024-42055 | Cross-site Scripting vulnerability in Cervantessec Cervantes 0.3/0.4/0.5 Cervantes through 0.5-alpha allows stored XSS. | 5.4 |
| 2024-07-27 | CVE-2024-6703 | Cross-site Scripting vulnerability in Fluentforms Contact Form The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ and 'btn_txt' parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-07-27 | CVE-2024-6518 | Cross-site Scripting vulnerability in Fluentforms Contact Form The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-07-27 | CVE-2024-6520 | Cross-site Scripting vulnerability in Fluentforms Contact Form The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-07-27 | CVE-2024-6521 | Cross-site Scripting vulnerability in Fluentforms Contact Form The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-07-27 | CVE-2024-6627 | Cross-site Scripting vulnerability in Leevio Happy Addons for Elementor The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's PDF View widget in all versions up to, and including, 3.11.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-07-25 | CVE-2024-3938 | Cross-site Scripting vulnerability in Dotcms The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. | 6.1 |
| 2024-07-25 | CVE-2024-41809 | Cross-site Scripting vulnerability in Openobserve OpenObserve is an open-source observability platform. | 6.1 |