Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-06 | CVE-2024-37156 | Cross-site Scripting vulnerability in Sulu Suluformbundle The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. | 6.1 |
| 2024-06-06 | CVE-2024-5038 | Cross-site Scripting vulnerability in Extendthemes Colibri Page Builder The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.276 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-06-06 | CVE-2024-5188 | Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'get_manual_calendar_events' function in all versions up to, and including, 5.9.22 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-06-06 | CVE-2024-5673 | Cross-site Scripting vulnerability in Dulldusk PHPfilemanager 1.7.8 Vulnerability in Dulldusk's PHP File Manager affecting version 1.7.8. | 6.1 |
| 2024-06-06 | CVE-2024-5259 | Cross-site Scripting vulnerability in Multivendorx The MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hover_animation’ parameter in all versions up to, and including, 4.1.11 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-06-06 | CVE-2024-5221 | Cross-site Scripting vulnerability in Qodeinteractive QI Blocks The Qi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-06-06 | CVE-2024-5656 | Cross-site Scripting vulnerability in Erikeng Google CSE 1.0.7 The Google CSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-06-06 | CVE-2024-2922 | Cross-site Scripting vulnerability in Themesflat Addons for Elementor 2.0.0/2.1.2 The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget tags in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-06-06 | CVE-2024-4212 | Cross-site Scripting vulnerability in Themesflat Addons for Elementor 2.0.0/2.1.2 The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TF Group Image, TF Nav Menu, TF Posts, TF Woo Product Grid, TF Accordion, and TF Image Box widgets in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-06-06 | CVE-2024-4364 | Cross-site Scripting vulnerability in Qodeinteractive QI Addons for Elementor The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button widgets in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |