Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-05-14 CVE-2024-3923 Cross-site Scripting vulnerability in Fastlinemedia Beaver Builder
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_target parameter in all versions up to, and including, 2.8.1.1 due to insufficient input sanitization and output escaping.
network
low complexity
fastlinemedia CWE-79
5.4
5.4
2024-05-14 CVE-2024-3989 Cross-site Scripting vulnerability in Hasthemes HT Mega
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gallery Justify Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
hasthemes CWE-79
5.4
5.4
2024-05-14 CVE-2024-3990 Cross-site Scripting vulnerability in Hasthemes HT Mega
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tooltip & Popover Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
hasthemes CWE-79
5.4
5.4
2024-05-14 CVE-2024-34697 Cross-site Scripting vulnerability in Freescout
FreeScout is a free, self-hosted help desk and shared mailbox.
network
low complexity
freescout CWE-79
6.1
6.1
2024-05-14 CVE-2024-3068 Cross-site Scripting vulnerability in Custom Field Suite Project Custom Field Suite
The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfs[fields][*][name]' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping.
network
low complexity
custom-field-suite-project CWE-79
4.8
4.8
2024-05-14 CVE-2024-34081 Cross-site Scripting vulnerability in Mantisbt
MantisBT (Mantis Bug Tracker) is an open source issue tracker.
network
low complexity
mantisbt CWE-79
4.8
4.8
2024-05-14 CVE-2024-31443 Cross-site Scripting vulnerability in multiple products
Cacti provides an operational monitoring and fault management framework.
network
low complexity
cacti fedoraproject CWE-79
5.4
5.4
2024-05-14 CVE-2024-31444 Cross-site Scripting vulnerability in multiple products
Cacti provides an operational monitoring and fault management framework.
network
low complexity
cacti fedoraproject CWE-79
5.4
5.4
2024-05-14 CVE-2024-2923 Cross-site Scripting vulnerability in Wpthemespace Magical Addons for Elementor
The Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text effect widget in all versions up to, and including, 1.1.37 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
wpthemespace CWE-79
5.4
5.4
2024-05-14 CVE-2024-2785 Cross-site Scripting vulnerability in Posimyth the Plus Addons for Elementor
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
posimyth CWE-79
5.4
5.4