Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-20 | CVE-2024-5686 | Cross-site Scripting vulnerability in Wpzoom Addons for Elementor The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Team Members widget in all versions up to, and including, 1.1.38 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-06-20 | CVE-2024-1168 | Cross-site Scripting vulnerability in Seopress The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's social image URL in all versions up to, and including, 7.9 due to insufficient input sanitization and output escaping on user supplied image URLs. | 5.4 |
| 2024-06-20 | CVE-2024-3558 | Cross-site Scripting vulnerability in Custom Field Suite Project Custom Field Suite The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_title]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-06-20 | CVE-2024-4626 | Cross-site Scripting vulnerability in Crocoblock Jetwidgets for Elementor The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_type’ and 'id' parameters in all versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-06-20 | CVE-2024-6177 | Cross-site Scripting vulnerability in LG Supersign CMS Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1. | 6.1 |
| 2024-06-20 | CVE-2024-6178 | Cross-site Scripting vulnerability in LG Supersign CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1. | 6.1 |
| 2024-06-20 | CVE-2024-6179 | Cross-site Scripting vulnerability in LG Supersign CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1. | 6.1 |
| 2024-06-18 | CVE-2024-37800 | Cross-site Scripting vulnerability in Health Care Hospital Management System Project Health Care Hospital Management System 1.0 CodeProjects Restaurant Reservation System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Date parameter at index.php. | 6.1 |
| 2024-06-18 | CVE-2024-37803 | Cross-site Scripting vulnerability in Health Care Hospital Management System Project Health Care Hospital Management System 1.0 Multiple stored cross-site scripting (XSS) vulnerabilities in CodeProjects Health Care hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname and lname parameters under the Staff Info page. | 5.4 |
| 2024-06-18 | CVE-2024-38507 | Cross-site Scripting vulnerability in Jetbrains HUB In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible | 5.4 |