Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-07 | CVE-2024-4042 | Cross-site Scripting vulnerability in Pickplugins Comboblocks. The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-07 | CVE-2024-5612 | Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor. The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_lightbox_open_btn_icon’ parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-07 | CVE-2024-5640 | Cross-site Scripting vulnerability in Bdthemes Prime Slider. The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-07 | CVE-2024-1988 | Cross-site Scripting vulnerability in Pickplugins Post Grid. The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-07 | CVE-2024-37383 | Cross-site Scripting vulnerability in multiple products. Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes. | 6.1 |
2024-06-07 | CVE-2024-5425 | Cross-site Scripting vulnerability in Lightpress Lightbox. The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-07 | CVE-2024-1768 | Cross-site Scripting vulnerability in Nayrathemes Clever FOX. The Clever Fox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's info box block in all versions up to, and including, 25.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-06-06 | CVE-2023-37539 | Cross-site Scripting vulnerability in Hcltech Domino 11.0/12.0/14.0. The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-06 | CVE-2024-36775 | Cross-site Scripting vulnerability in Monstra 3.0.4. A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page. | 5.4 |
2024-06-06 | CVE-2024-3402 | Cross-site Scripting vulnerability in Gaizhenbiao Chuanhuchatgpt. A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. | 5.4 |