VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-12-20
CVE-2024-11811
The Feedify – Web Push Notifications plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'platform', 'phone', 'email', and 'store_url' parameters.
network
low complexity
CWE-79
6.1
6.1
2024-12-20
CVE-2024-12845
Cross-site Scripting vulnerability in Emlog
A vulnerability classified as problematic was found in Emlog Pro up to 2.4.1.
network
low complexity
emlog
CWE-79
6.1
6.1
2024-12-20
CVE-2024-12843
Cross-site Scripting vulnerability in Emlog
A vulnerability was found in Emlog Pro up to 2.4.1.
network
low complexity
emlog
CWE-79
6.1
6.1
2024-12-20
CVE-2024-12844
Cross-site Scripting vulnerability in Emlog
A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.1.
network
low complexity
emlog
CWE-79
6.1
6.1
2024-12-20
CVE-2024-12841
Cross-site Scripting vulnerability in Emlog
A vulnerability was found in Emlog Pro up to 2.4.1.
network
low complexity
emlog
CWE-79
6.1
6.1
2024-12-20
CVE-2024-56352
Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page
network
low complexity
jetbrains
CWE-79
5.4
5.4
2024-12-20
CVE-2024-56355
Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS
network
low complexity
jetbrains
CWE-79
5.4
5.4
2024-12-20
CVE-2024-11331
The ??????? ??????? ??????? ???? ???? plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.3.
network
low complexity
CWE-79
6.1
6.1
2024-12-20
CVE-2024-11411
The Spotlightr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spotlightr-v' shortcode in all versions up to, and including, 0.1.9 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-20
CVE-2024-11774
The Outdooractive Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'list2go' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
«
Previous
1
2
...
27
28
29
(current)
30
31
...
1822
1823
»
Next