Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-05 | CVE-2024-9667 | Cross-site Scripting vulnerability in Castos Seriously Simple Podcasting The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.5.0. | 6.1 |
| 2024-11-05 | CVE-2024-5578 | Cross-site Scripting vulnerability in Dublue Table of Contents Plus The Table of Contents Plus WordPress plugin through 2408 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 4.8 |
| 2024-11-05 | CVE-2024-7876 | Cross-site Scripting vulnerability in Nsqua Simply Schedule Appointments The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Appointment Type settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 4.8 |
| 2024-11-05 | CVE-2024-7877 | Cross-site Scripting vulnerability in Nsqua Simply Schedule Appointments The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 4.8 |
| 2024-11-05 | CVE-2024-9883 | Cross-site Scripting vulnerability in Podsfoundation Pods The Pods WordPress plugin before 3.2.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
| 2024-11-05 | CVE-2024-10340 | The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'scu' shortcode in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2024-11-05 | CVE-2024-10807 | Cross-site Scripting vulnerability in Anujkumar Hospital Management System 4.0 A vulnerability was found in PHPGurukul Hospital Management System 4.0. | 4.8 |
| 2024-11-05 | CVE-2024-10806 | Cross-site Scripting vulnerability in Anujkumar Hospital Management System 4.0 A vulnerability was found in PHPGurukul Hospital Management System 4.0. | 4.8 |
| 2024-11-05 | CVE-2023-34443 | Cross-site Scripting vulnerability in Combodo Itop Combodo iTop is a simple, web based IT Service Management tool. | 6.1 |
| 2024-11-05 | CVE-2023-34444 | Cross-site Scripting vulnerability in Combodo Itop Combodo iTop is a simple, web based IT Service Management tool. | 6.1 |