Vulnerabilities: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-06-27 | CVE-2024-4664 | Cross-site Scripting vulnerability in Ninjateam WP Chat APP | The WP Chat App WordPress plugin before 3.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | network | low | ninjateam | CWE-79 | 4.8 |
| 2024-06-27 | CVE-2024-4569 | Cross-site Scripting vulnerability in Webtechstreet Elementor Addon Elements | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. | network | low | webtechstreet | CWE-79 | 5.4 |
| 2024-06-27 | CVE-2024-4570 | Cross-site Scripting vulnerability in Webtechstreet Elementor Addon Elements | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. | network | low | webtechstreet | CWE-79 | 5.4 |
| 2024-06-27 | CVE-2024-5289 | Cross-site Scripting vulnerability in Kadencewp Gutenberg Blocks With AI | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget parameters in all versions up to, and including, 3.2.42 due to insufficient input sanitization and output escaping. | network | low | kadencewp | CWE-79 | 5.4 |
| 2024-06-27 | CVE-2024-4901 | Cross-site Scripting vulnerability in Gitlab | An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit notes. | network | low | gitlab | CWE-79 | 5.4 |
| 2024-06-26 | CVE-2024-28983 | Cross-site Scripting vulnerability in Hitachi Business Analytics Server | Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x, allows a malicious URL to inject content into the Analyzer plugin interface. | network | low | hitachi | CWE-79 | 6.1 |
| 2024-06-26 | CVE-2024-28984 | Cross-site Scripting vulnerability in Hitachi Pentaho Business Analytics Server | Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x, allows a malicious URL to inject content into the Analyzer plugin interface. | network | low | hitachi | CWE-79 | 6.1 |
| 2024-06-26 | CVE-2024-39241 | Cross-site Scripting vulnerability in Skycaiji 2.8 | Cross Site Scripting (XSS) vulnerability in skycaiji 2.8 allows attackers to run arbitrary code via /admin/tool/preview. | network | low | skycaiji | CWE-79 | 6.1 |
| 2024-06-26 | CVE-2024-39242 | Cross-site Scripting vulnerability in Skycaiji 2.8 | A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload using eval(String.fromCharCode()). | network | low | skycaiji | CWE-79 | 6.1 |
| 2024-06-26 | CVE-2024-5215 | Cross-site Scripting vulnerability in Hasthemes HT Mega | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. | network | low | hasthemes | CWE-79 | 5.4 |