Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-05-02 CVE-2024-3883 Cross-site Scripting vulnerability in 3Dflipbook 3D Flipbook
The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Bookmark URL field in all versions up to, and including, 1.15.4 due to insufficient input sanitization and output escaping.
network
low complexity
3dflipbook CWE-79
5.4
2024-05-01 CVE-2023-23021 Cross-site Scripting vulnerability in Oretnom23 POS - Point of Sale System 1.0
Cross-Site Scripting (XSS) vulnerability in SourceCodester oretnom23 POS Point of Sale System 1.0 allows attackers to execute arbitrary code via the code, name, and description inputs in the file Main.php.
network
low complexity
oretnom23 CWE-79
6.1
2024-05-01 CVE-2023-23022 Cross-site Scripting vulnerability in Oretnom23 Employees Payroll Management System 1.0
Cross-Site Scripting (XSS) vulnerability in SourceCodester oretnom23 Employee's Payroll Management System 1.0 allows attackers to execute arbitrary code via the code, title, from_date and to_date inputs in the file Main.php.
network
low complexity
oretnom23 CWE-79
6.1
2024-05-01 CVE-2024-0334 Cross-site Scripting vulnerability in Jegtheme JEG Elementor KIT
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attribute of a link in several Elementor widgets in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
jegtheme CWE-79
5.4
2024-04-27 CVE-2024-3309 Cross-site Scripting vulnerability in Qodeinteractive QI Addons for Elementor
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget's attributes in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping.
network
low complexity
qodeinteractive CWE-79
5.4
2024-04-26 CVE-2024-3890 Cross-site Scripting vulnerability in Leevio Happy Addons for Elementor
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Calendly widget in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
leevio CWE-79
5.4
2024-04-25 CVE-2024-3994 Cross-site Scripting vulnerability in Themeum Tutor LMS
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tutor_instructor_list' shortcode in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
themeum CWE-79
5.4
2024-04-25 CVE-2024-3988 Cross-site Scripting vulnerability in Sinaextra Sina Extension for Elementor
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Fancy Text Widget in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
sinaextra CWE-79
5.4
2024-04-24 CVE-2024-2404 Cross-site Scripting vulnerability in Utopique Better Comments
The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow low privilege users such as Subscribers to perform Stored Cross-Site Scripting attacks.
network
low complexity
utopique CWE-79
5.4
2024-04-23 CVE-2024-4072 Cross-site Scripting vulnerability in Aditya88 Online Furniture Shopping Ecommerce Website 1.0
A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0.
network
low complexity
aditya88 CWE-79
5.4