Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-05-14 CVE-2024-30053 Cross-site Scripting vulnerability in Microsoft Azure Migrate
Azure Migrate Cross-Site Scripting Vulnerability
network
low complexity
microsoft CWE-79
5.4
5.4
2024-05-14 CVE-2024-34355 Cross-site Scripting vulnerability in Typo3
TYPO3 is an enterprise content management system.
network
low complexity
typo3 CWE-79
5.4
5.4
2024-05-14 CVE-2024-34716 Cross-site Scripting vulnerability in Prestashop
PrestaShop is an open source e-commerce web application.
network
low complexity
prestashop CWE-79
6.1
6.1
2024-05-14 CVE-2024-4333 Cross-site Scripting vulnerability in Sinaextra Sina Extension for Elementor
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via several parameters in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping.
network
low complexity
sinaextra CWE-79
5.4
5.4
2024-05-14 CVE-2024-4473 Cross-site Scripting vulnerability in Athemes Sydney Toolbox
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "aThemes: Portfolio" widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
athemes CWE-79
5.4
5.4
2024-05-14 CVE-2024-4624 Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugins for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_ext_toc_title_tag’ parameter in versions up to, and including, 5.9.20 due to insufficient input sanitization and output escaping.
network
low complexity
wpdeveloper CWE-79
5.4
5.4
2024-05-14 CVE-2024-4158 Cross-site Scripting vulnerability in Creativethemes Blocksy
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 2.0.42 due to insufficient input sanitization and output escaping.
network
low complexity
creativethemes CWE-79
5.4
5.4
2024-05-14 CVE-2024-4209 Cross-site Scripting vulnerability in Kadencewp Gutenberg Blocks With AI
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
kadencewp CWE-79
5.4
5.4
2024-05-14 CVE-2024-4275 Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Interactive Circle widget in all versions up to, and including, 5.9.19 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
wpdeveloper CWE-79
5.4
5.4
2024-05-14 CVE-2024-4277 Cross-site Scripting vulnerability in Thimpress Learnpress
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_html’ parameter in all versions up to, and including, 4.2.6.5 due to insufficient input sanitization and output escaping.
network
low complexity
thimpress CWE-79
5.4
5.4