Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-09 | CVE-2024-40740 | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/{id}/edit/. | 6.1 |
| 2024-07-09 | CVE-2024-40741 | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/{id}/edit/. | 6.1 |
| 2024-07-09 | CVE-2024-40742 | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/add. | 6.1 |
| 2024-07-09 | CVE-2024-21729 | Cross-site Scripting vulnerability in Joomla Joomla! Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field. | 6.1 |
| 2024-07-09 | CVE-2024-21730 | Cross-site Scripting vulnerability in Joomla Joomla! The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector. | 5.4 |
| 2024-07-09 | CVE-2024-21731 | Cross-site Scripting vulnerability in Joomla Joomla! Improper handling of input could lead to an XSS vector in the StringHelper::truncate method. | 6.1 |
| 2024-07-09 | CVE-2024-26278 | Cross-site Scripting vulnerability in Joomla Joomla! The Custom Fields component not correctly filter inputs, leading to a XSS vector. | 6.1 |
| 2024-07-09 | CVE-2024-26279 | Cross-site Scripting vulnerability in Joomla Joomla! The wrapper extensions do not correctly validate inputs, leading to XSS vectors. | 6.1 |
| 2024-07-09 | CVE-2024-3563 | Cross-site Scripting vulnerability in Wpengine Genesis Blocks The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sharing block in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-07-09 | CVE-2024-3603 | Cross-site Scripting vulnerability in Hyumika Openstreetmap The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osm_map' shortcode in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'. | 5.4 |