Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|
| 2024-05-16 | CVE-2024-4478 | Cross-site Scripting vulnerability in Leevio Happy Addons for Elementor | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied 'tooltip_position' attribute. | leevio | CWE-79 | network, low complexity, 5.4 |
| 2024-05-15 | CVE-2024-4702 | Cross-site Scripting vulnerability in Kraftplugins Mega Elements | The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. | kraftplugins | CWE-79 | network, low complexity, 5.4 |
| 2024-05-15 | CVE-2024-3548 | Cross-site Scripting vulnerability in Getshortcodes Shortcodes Ultimate | The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | getshortcodes | CWE-79 | network, low complexity, 6.1 |
| 2024-05-15 | CVE-2024-3189 | Cross-site Scripting vulnerability in Kadencewp Gutenberg Blocks With AI | The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user supplied attributes. | kadencewp | CWE-79 | network, low complexity, 5.4 |
| 2024-05-15 | CVE-2024-4208 | Cross-site Scripting vulnerability in Kadencewp Gutenberg Blocks With AI | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user supplied attributes. | kadencewp | CWE-79 | network, low complexity, 5.4 |
| 2024-05-15 | CVE-2024-4373 | Cross-site Scripting vulnerability in Sinaextra Sina Extension for Elementor | The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. | sinaextra | CWE-79 | network, low complexity, 5.4 |
| 2024-05-15 | CVE-2024-4618 | Cross-site Scripting vulnerability in Exclusiveaddons Exclusive Addons for Elementor | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Member widget in all versions up to, and including, 2.6.9.6 due to insufficient input sanitization and output escaping on user supplied 'url' attribute. | exclusiveaddons | CWE-79 | network, low complexity, 5.4 |
| 2024-05-15 | CVE-2024-4370 | Cross-site Scripting vulnerability in Wpzoom Elementor Addons | The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget Image Box in all versions up to, and including, 1.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. | wpzoom | CWE-79 | network, low complexity, 5.4 |
| 2024-05-14 | CVE-2024-30047 | Cross-site Scripting vulnerability in Microsoft Dynamics 365 Customer Insights | Dynamics 365 Customer Insights Spoofing Vulnerability | microsoft | CWE-79 | network, low complexity, 4.1 |
| 2024-05-14 | CVE-2024-30048 | Cross-site Scripting vulnerability in Microsoft Dynamics 365 Customer Insights | Dynamics 365 Customer Insights Spoofing Vulnerability | microsoft | CWE-79 | network, low complexity, 4.1 |