Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-11-06 CVE-2024-10928 Cross-site Scripting vulnerability in Monocms 1.0
A vulnerability was found in MonoCMS up to 20240528.
network
low complexity
monocms CWE-79
6.1
6.1
2024-11-06 CVE-2024-20525 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.
network
low complexity
cisco CWE-79
6.1
6.1
2024-11-06 CVE-2024-20530 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.
network
low complexity
cisco CWE-79
6.1
6.1
2024-11-06 CVE-2024-20538 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input.
network
low complexity
cisco CWE-79
6.1
6.1
2024-11-06 CVE-2024-20539 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input.
network
low complexity
cisco CWE-79
4.8
4.8
2024-11-06 CVE-2024-35146 IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting.
network
low complexity
CWE-79
5.4
5.4
2024-11-06 CVE-2020-11859 Cross-site Scripting vulnerability in Microfocus Imanager
Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3
network
low complexity
microfocus CWE-79
5.4
5.4
2024-11-06 CVE-2024-10186 Cross-site Scripting vulnerability in Avecnous Event Post
The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's events_cal shortcode in all versions up to, and including, 5.9.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
avecnous CWE-79
5.4
5.4
2024-11-06 CVE-2024-10168 Cross-site Scripting vulnerability in Pluginus Woot
The Active Products Tables for WooCommerce.
network
low complexity
pluginus CWE-79
5.4
5.4
2024-11-06 CVE-2024-8323 Cross-site Scripting vulnerability in Fatcatapps Easy Pricing Tables
The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fontFamily’ attribute in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping.
network
low complexity
fatcatapps CWE-79
5.4
5.4