Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-09 | CVE-2024-4868 | Cross-site Scripting vulnerability in Idioweb Extensions for Elementor: The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's EE Events and EE Flipbox widgets in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-07-09 | CVE-2024-5457 | Cross-site Scripting vulnerability in Pandavideo Panda Video: The Panda Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. | 5.4 |
2024-07-09 | CVE-2024-5802 | Cross-site Scripting vulnerability in Mythemeshop URL Shortener: The URL Shortener by Myhop WordPress plugin through 1.0.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 4.8 |
2024-07-09 | CVE-2024-4667 | Cross-site Scripting vulnerability in Plugin-Devs Blog, Posts and Category Filter for Elementor: The Blog, Posts and Category Filter for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post and Category Filter widget in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied 'post_types' attribute. | 5.4 |
2024-07-09 | CVE-2024-6169 | Cross-site Scripting vulnerability in Unlimited-Elements Unlimited Elements for Elementor (Free Widgets, Addons, Templates): The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping. | 5.4 |
2024-07-09 | CVE-2024-6170 | Cross-site Scripting vulnerability in Unlimited-Elements Unlimited Elements for Elementor (Free Widgets, Addons, Templates): The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘email’ parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping. | 5.4 |
2024-07-08 | CVE-2024-39203 | Cross-site Scripting vulnerability in Zblogcn Z-Blogphp: A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 6.1 |
2024-07-08 | CVE-2024-39308 | Cross-site Scripting vulnerability in Rails Admin Project Rails Admin: RailsAdmin is a Rails engine that provides an interface for managing data. | 5.4 |
2024-07-08 | CVE-2024-37389 | Cross-site Scripting vulnerability in Apache Nifi: Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. | 5.4 |
2024-07-07 | CVE-2024-40599 | Cross-site Scripting vulnerability in Mediawiki: An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. | 4.8 |