Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-06-16 | CVE-2023-27636 | Cross-site Scripting vulnerability in Progress Sitefinity | Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor. | 5.4 |
2024-06-16 | CVE-2024-38454 | Cross-site Scripting vulnerability in Expressionengine | ExpressionEngine before 7.4.11 allows XSS. | 6.1 |
2024-06-15 | CVE-2024-3814 | Cross-site Scripting vulnerability in Tagdiv Composer 4.2/4.4 | The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'single' module in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 4.8 |
2024-06-15 | CVE-2024-3815 | Cross-site Scripting vulnerability in Tagdiv Newspaper | The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 4.8 |
2024-06-15 | CVE-2024-4479 | Cross-site Scripting vulnerability in Jegtheme JEG Elementor KIT | The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sg_general_toggle_tab_enable and sg_accordion_style attributes within the plugin's JKit - Tabs and JKit - Accordion widget, respectively, in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-15 | CVE-2024-5263 | Cross-site Scripting vulnerability in Wpmet Elementskit | The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-06-14 | CVE-2024-36599 | Cross-site Scripting vulnerability in Aegon Life Insurance Management System 1.0 | A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at insertClient.php. | 6.1 |
2024-06-14 | CVE-2024-37888 | Cross-site Scripting vulnerability in Mlewand Open Link | The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. | 6.1 |
2024-06-14 | CVE-2024-4863 | Cross-site Scripting vulnerability in Kadencewp Gutenberg Blocks With AI | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-14 | CVE-2024-5994 | Cross-site Scripting vulnerability in Codecabin WP GO Maps | The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. | 5.4 |