Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2024-05-23 | CVE-2024-5165 | Cross-site Scripting vulnerability in Eclipse Ditto | In Eclipse Ditto versions 3.0.0 to 3.5.5, the user input of several input fields of the Eclipse Ditto Explorer User Interface https://eclipse.dev/ditto/user-interface.html was not properly neutralized and thus vulnerable to both Reflected and Stored XSS (Cross Site Scripting). Several inputs were not persisted at the backend of Eclipse Ditto, but only in local browser storage to save settings of "environments" of the UI and e.g. | network | low complexity | eclipse | CWE-79 | 5.4 |
| 2024-05-23 | CVE-2024-4835 | Cross-site Scripting vulnerability in Gitlab | An XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. | network | low complexity | gitlab | CWE-79 | 8.2 |
| 2024-05-22 | CVE-2024-5025 | Cross-site Scripting vulnerability in Caseproof Memberpress | The Memberpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arglist’ parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. | network | low complexity | caseproof | CWE-79 | 5.4 |
| 2024-05-22 | CVE-2024-1762 | Cross-site Scripting vulnerability in Nextscripts Social Networks Auto Poster | The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. | network | low complexity | nextscripts | CWE-79 | 6.1 |
| 2024-05-22 | CVE-2024-4971 | Cross-site Scripting vulnerability in Thimpress Learnpress | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.2.6.6 due to insufficient input sanitization and output escaping. | network | low complexity | thimpress | CWE-79 | 5.4 |
| 2024-05-21 | CVE-2024-31847 | Cross-site Scripting vulnerability in Italtel Embrace 1.6.4 | An issue was discovered in Italtel Embrace 1.6.4. | network | low complexity | italtel | CWE-79 | 6.1 |
| 2024-05-21 | CVE-2024-35218 | Cross-site Scripting vulnerability in Umbraco CMS | Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. | network | low complexity | umbraco | CWE-79 | 4.8 |
| 2024-05-21 | CVE-2024-4452 | Cross-site Scripting vulnerability in Wpmet Elementskit | The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. | network | low complexity | wpmet | CWE-79 | 5.4 |
| 2024-05-21 | CVE-2024-4619 | Cross-site Scripting vulnerability in Elementor Website Builder | The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘hover_animation’ parameter in versions up to, and including, 3.21.4 due to insufficient input sanitization and output escaping. | network | low complexity | elementor | CWE-79 | 5.4 |
| 2024-05-21 | CVE-2024-4876 | Cross-site Scripting vulnerability in Hasthemes HT Mega | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘popover_header_text’ parameter in versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. | network | low complexity | hasthemes | CWE-79 | 5.4 |