Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-21 | CVE-2023-39517 | Cross-site Scripting vulnerability in Joplin Project Joplin Joplin is a free, open source note taking and to-do application. | 5.4 |
| 2024-06-21 | CVE-2024-37671 | Cross-site Scripting vulnerability in Tessi Docubase 5.0 Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the page parameter. | 5.4 |
| 2024-06-21 | CVE-2024-37672 | Cross-site Scripting vulnerability in Tessi Docubase 5.0 Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the idactivity parameter. | 5.4 |
| 2024-06-21 | CVE-2024-37673 | Cross-site Scripting vulnerability in Tessi Docubase 5.0 Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the filename parameter. | 5.4 |
| 2024-06-21 | CVE-2024-37675 | Cross-site Scripting vulnerability in Tessi Docubase 5.0 Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the parameter "sectionContent" related to the functionality of adding notes to an uploaded file. | 5.4 |
| 2024-06-21 | CVE-2022-38055 | Cross-site Scripting vulnerability in Gvectors Wpforo Forum Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing.This issue affects wpForo Forum: from n/a through 2.0.9. | 5.4 |
| 2024-06-21 | CVE-2024-35758 | Cross-site Scripting vulnerability in Themehorse Interface Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Horse Interface allows Stored XSS.This issue affects Interface: from n/a through 3.1.0. | 5.4 |
| 2024-06-21 | CVE-2024-5945 | Cross-site Scripting vulnerability in Kubiq WP SVG Images The WP SVG Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 4.2 due to insufficient input sanitization. | 5.4 |
| 2024-06-21 | CVE-2024-6225 | Cross-site Scripting vulnerability in Tms-Outsource Amelia The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.5 (and 7.5.1 for the Pro version) due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-06-21 | CVE-2024-5191 | Cross-site Scripting vulnerability in Wpmudev Branda The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mime_types’ parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping. | 5.4 |