Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-29 | CVE-2024-5192 | Cross-site Scripting vulnerability in Funnelkit Funnel Builder. The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimes’ parameter in all versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-28 | CVE-2024-38521 | Cross-site Scripting vulnerability in Hushline Hush Line. Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. | 6.1 |
2024-06-28 | CVE-2024-37741 | Cross-site Scripting vulnerability in Openplcproject Openplc V3 Firmware. OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture. | 5.4 |
2024-06-28 | CVE-2024-3800 | Cross-site Scripting vulnerability in Conceptintermedia S@M CMS. Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including scripts in requested file names. Only a part of the observed services is vulnerable, but since the vendor has not investigated the root problem, it is hard to determine when the issue appears. | 6.1 |
2024-06-28 | CVE-2024-3801 | Cross-site Scripting vulnerability in Conceptintermedia S@M CMS. Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including scripts in one of the GET header parameters. Only a part of the observed services is vulnerable, but since the vendor has not investigated the root problem, it is hard to determine when the issue appears. | 6.1 |
2024-06-28 | CVE-2024-5737 | Cross-site Scripting vulnerability in Admiror-Design-Studio Admirorframes. Script afGdStream.php in the AdmirorFrames Joomla! extension doesn’t specify a content type and as a result the default (text/html) is used. | 6.1 |
2024-06-27 | CVE-2024-5933 | Cross-site Scripting vulnerability in Lollms web UI. A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. | 5.4 |
2024-06-27 | CVE-2024-4983 | Cross-site Scripting vulnerability in Posimyth the Plus Addons for Elementor. The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘video_color’ parameter in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-27 | CVE-2024-5601 | Cross-site Scripting vulnerability in Mediavine Create. The Create by Mediavine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Schema Meta shortcode in all versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping on user-supplied attributes. | 5.4 |
2024-06-27 | CVE-2024-3111 | Cross-site Scripting vulnerability in H5P. The Interactive Content WordPress plugin before 1.15.8 does not validate uploads, which could allow Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues. | 5.4 |