Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-07-03 CVE-2024-35234 Cross-site Scripting vulnerability in Discourse
Discourse is an open-source discussion platform.
network
low complexity
discourse CWE-79
6.1
6.1
2024-07-03 CVE-2024-39248 Cross-site Scripting vulnerability in Fikeulous Simpcms 0.1
A cross-site scripting (XSS) vulnerability in SimpCMS v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field at /admin.php.
network
low complexity
fikeulous CWE-79
5.4
5.4
2024-07-03 CVE-2024-6052 Cross-site Scripting vulnerability in Checkmk
Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements
network
low complexity
checkmk CWE-79
5.4
5.4
2024-07-03 CVE-2024-4482 Cross-site Scripting vulnerability in Posimyth the Plus Addons for Elementor
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Countdown' widget in all versions up to, and including, 5.6.1 due to insufficient input sanitization and output escaping on user supplied 'text_days' attribute.
network
low complexity
posimyth CWE-79
5.4
5.4
2024-07-03 CVE-2024-6263 Cross-site Scripting vulnerability in Syedbalkhi WP Lightbox 2
The WP Lightbox 2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 3.0.6.6 due to insufficient input sanitization and output escaping.
network
low complexity
syedbalkhi CWE-79
5.4
5.4
2024-07-03 CVE-2024-6340 Cross-site Scripting vulnerability in Leap13 Premium Addons for Elementor
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 4.10.35 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
leap13 CWE-79
5.4
5.4
2024-07-03 CVE-2024-2234 Cross-site Scripting vulnerability in 2Code Himer
The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks
network
low complexity
2code CWE-79
5.4
5.4
2024-07-03 CVE-2024-2375 Cross-site Scripting vulnerability in 2Code Wpqa Builder
The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
network
low complexity
2code CWE-79
5.4
5.4
2024-07-02 CVE-2024-39143 Cross-site Scripting vulnerability in Coderberg Residencecms 2.10.1
A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low-privilege user to create malicious property content with HTML inside which acts as a stored XSS payload.
network
low complexity
coderberg CWE-79
5.4
5.4
2024-07-02 CVE-2024-4268 Cross-site Scripting vulnerability in Dotcamp Ultimate Blocks
The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
dotcamp CWE-79
5.4
5.4