VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-01-05
CVE-2025-0228
Cross-site Scripting vulnerability in Code-Projects Local Storage Todo APP 1.0
A vulnerability has been found in code-projects Local Storage Todo App 1.0 and classified as problematic.
network
low complexity
code-projects
CWE-79
4.8
4.8
2025-01-05
CVE-2024-13141
Cross-site Scripting vulnerability in Osuuu Lightpicture 1.2.0/1.2.1/1.2.2
A vulnerability classified as problematic was found in osuuu LightPicture up to 1.2.2.
network
low complexity
osuuu
CWE-79
5.4
5.4
2025-01-05
CVE-2024-13140
Cross-site Scripting vulnerability in Emlog
A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.3.
network
low complexity
emlog
CWE-79
5.4
5.4
2025-01-05
CVE-2024-13137
Cross-site Scripting vulnerability in Wangl1989 Mysiteforme 1.0
A vulnerability was found in wangl1989 mysiteforme 1.0.
network
low complexity
wangl1989
CWE-79
5.4
5.4
2025-01-04
CVE-2024-12475
The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-01-04
CVE-2024-12221
The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘_wpnonce’ parameter in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-04
CVE-2024-11930
The Taskbuilder – WordPress Project & Task Management plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppm_tasks shortcode in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-01-04
CVE-2024-11974
The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘smc_settings_tab', 'unattachfixit-action', and 'woofixit-action’ parameters in all versions up to, and including, 3.23 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-04
CVE-2024-12047
The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘custom_server’ parameter in all versions up to, and including, 6.30.03 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-04
CVE-2024-12701
The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
«
Previous
1
2
...
22
23
24
(current)
25
26
...
1822
1823
»
Next