Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-22 | CVE-2024-32479 | Cross-site Scripting vulnerability in Librenms LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. | 5.4 |
| 2024-04-20 | CVE-2024-1730 | Cross-site Scripting vulnerability in Bdthemes Prime Slider The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via urls in link fields, images from URLs, and html tags used in widgets in all versions up to, and including, 3.14.0 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-04-19 | CVE-2024-3560 | Cross-site Scripting vulnerability in Thimpress Learnpress The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id value in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-04-19 | CVE-2024-3598 | Cross-site Scripting vulnerability in Wpmet Elementskit The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-04-18 | CVE-2023-6892 | Cross-site Scripting vulnerability in Wpfactory EAN for Woocommerce The EAN for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'alg_wc_ean_product_meta' shortcode in all versions up to, and including, 4.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-04-18 | CVE-2024-1426 | Cross-site Scripting vulnerability in Bdthemes Element Pack The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute of the Price List widget in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-04-18 | CVE-2024-1429 | Cross-site Scripting vulnerability in Bdthemes Element Pack The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tab_link’ attribute of the Panel Slider widget in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-04-17 | CVE-2024-3841 | Cross-site Scripting vulnerability in multiple products Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. | 6.1 |
| 2024-04-17 | CVE-2024-3847 | Cross-site Scripting vulnerability in multiple products Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 6.1 |
| 2024-04-15 | CVE-2024-27794 | Cross-site Scripting vulnerability in Claris Filemaker Server Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. | 6.1 |