Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE	CVE	VULNERABILITY TITLE	RISK
2024-05-16	CVE-2024-3134	Cross-site Scripting vulnerability in Master-Addons Master Addons The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title_html_tag attribute in all versions up to, and including, 2.0.6.0 due to insufficient input sanitization and output escaping. network low complexity master-addons CWE-79	5.4
2024-05-16	CVE-2024-2619	Cross-site Scripting vulnerability in Brainstormforce Elementor Header & Footer Builder The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. network low complexity brainstormforce CWE-79	5.4
2024-05-16	CVE-2024-4580	Cross-site Scripting vulnerability in Master-Addons Master Addons The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.0.6.0 due to insufficient input sanitization and output escaping. network low complexity master-addons CWE-79	5.4
2024-05-16	CVE-2024-35300	Cross-site Scripting vulnerability in Jetbrains Teamcity 2024.03 In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible network low complexity jetbrains CWE-79	6.1
2024-05-16	CVE-2024-35302	Cross-site Scripting vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible network low complexity jetbrains CWE-79	6.1
2024-05-16	CVE-2024-4288	Cross-site Scripting vulnerability in Nsquared Simply Schedule Appointments The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and including, 1.6.7.14 due to insufficient input sanitization and output escaping. network low complexity nsquared CWE-79	5.4
2024-05-16	CVE-2024-4385	Cross-site Scripting vulnerability in Envothemes Envo Extra The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 1.8.16 due to insufficient input sanitization and output escaping. network low complexity envothemes CWE-79	5.4
2024-05-16	CVE-2024-4634	Cross-site Scripting vulnerability in Brainstormforce Elementor Header & Footer Builder The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfe_svg_mime_types’ function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escaping. network low complexity brainstormforce CWE-79	5.4
2024-05-16	CVE-2024-3887	Cross-site Scripting vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Form Builder widget in all versions up to, and including, 1.3.974 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity royal-elementor-addons CWE-79	5.4
2024-05-16	CVE-2024-4391	Cross-site Scripting vulnerability in Leevio Happy Addons for Elementor The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Event Calendar widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity leevio CWE-79	5.4