Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-26 | CVE-2024-5169 | Cross-site Scripting vulnerability in Nikodev Video Widget 1.2.3: The Video Widget WordPress plugin through 1.2.3 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). | 4.8 |
2024-06-26 | CVE-2024-5199 | Cross-site Scripting vulnerability in Wolfiezero Spotify Play Button: The Spotify Play Button WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2024-06-26 | CVE-2024-5332 | Cross-site Scripting vulnerability in Exclusiveaddons Exclusive Addons for Elementor: The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Card widget in all versions up to, and including, 2.6.9.8 due to insufficient input sanitization and output escaping on user-supplied attributes. | 5.4 |
2024-06-26 | CVE-2024-5173 | Cross-site Scripting vulnerability in Hasthemes HT Mega: The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video player widget settings in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user-supplied attributes. | 5.4 |
2024-06-25 | CVE-2024-28831 | Cross-site Scripting vulnerability in Checkmk: Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up. | 5.4 |
2024-06-25 | CVE-2024-28832 | Cross-site Scripting vulnerability in Checkmk: Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings. | 4.8 |
2024-06-24 | CVE-2024-34312 | Cross-site Scripting vulnerability in Moodle Virtual Programming LAB: Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component vplide.js. | 6.1 |
2024-06-24 | CVE-2024-37679 | Cross-site Scripting vulnerability in Finesoft Project Finesoft: Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. | 6.1 |
2024-06-24 | CVE-2024-37680 | Cross-site Scripting vulnerability in Finesoft Project Finesoft: Hangzhou Meisoft Information Technology Co., Ltd. | 6.1 |
2024-06-24 | CVE-2024-37732 | Cross-site Scripting vulnerability in Anchorcms Anchor CMS 0.12.7: Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf file. | 6.1 |