Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-25 | CVE-2024-3938 | Cross-site Scripting vulnerability in Dotcms The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. | 6.1 |
| 2024-07-25 | CVE-2024-41809 | Cross-site Scripting vulnerability in Openobserve OpenObserve is an open-source observability platform. | 6.1 |
| 2024-07-25 | CVE-2024-41808 | Cross-site Scripting vulnerability in Openobserve The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. | 5.4 |
| 2024-07-25 | CVE-2024-40873 | Cross-site Scripting vulnerability in Absolute Secure Access There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.07. Attackers with system administrator permissions can interfere with another system administrator’s use of the publishing UI when the administrators are editing the same management object. | 3.4 |
| 2024-07-25 | CVE-2024-41705 | Cross-site Scripting vulnerability in Archerirm Archer A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. | 5.4 |
| 2024-07-25 | CVE-2024-41706 | Cross-site Scripting vulnerability in Archerirm Archer A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. | 5.4 |
| 2024-07-25 | CVE-2024-41707 | Cross-site Scripting vulnerability in Archerirm Archer An issue was discovered in Archer Platform 6 before 2024.06. | 5.4 |
| 2024-07-25 | CVE-2024-7047 | Cross-site Scripting vulnerability in Gitlab A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary scripts under the context of the current logged in user. | 5.4 |
| 2024-07-24 | CVE-2024-41662 | Cross-site Scripting vulnerability in Vnote Project Vnote VNote is a note-taking platform. | 9.6 |
| 2024-07-24 | CVE-2024-22444 | Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator A vulnerability within the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. | 6.1 |