Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-03 | CVE-2024-10743 | Cross-site Scripting vulnerability in PHPgurukul Online Shopping Portal 2.0 A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. | 6.1 |
| 2024-11-02 | CVE-2024-10701 | Cross-site Scripting vulnerability in PHPgurukul CAR Rental Portal 1.0 A vulnerability was found in PHPGurukul Car Rental Portal 1.0. | 6.1 |
| 2024-11-02 | CVE-2024-9896 | Cross-site Scripting vulnerability in Spider-Themes BBP Core The BBP Core – Expand bbPress powered forums with useful features plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. | 6.1 |
| 2024-11-02 | CVE-2024-10310 | Cross-site Scripting vulnerability in Bdthemes Element Pack The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Gallery Widget 'image_title' parameter in all versions up to, and including, 5.10.1 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-11-02 | CVE-2024-8739 | Cross-site Scripting vulnerability in Wedevs Recaptcha Integration The ReCaptcha Integration for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. | 6.1 |
| 2024-11-02 | CVE-2024-9868 | Cross-site Scripting vulnerability in Bdthemes Element Pack The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate Widget 'url' parameter in all versions up to, and including, 5.10.1 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-11-01 | CVE-2024-41745 | Cross-site Scripting vulnerability in IBM Cics TX 11.1.0.0 IBM CICS TX Standard is vulnerable to cross-site scripting. | 6.1 |
| 2024-11-01 | CVE-2024-51377 | Cross-site Scripting vulnerability in Ladybirdweb Faveo Helpdesk 9.2.0 An issue in Ladybird Web Solution Faveo Helpdesk & Servicedesk (On-Premise and Cloud) 9.2.0 allows a remote attacker to execute arbitrary code via the Subject and Identifier fields | 5.4 |
| 2024-11-01 | CVE-2024-10367 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-11-01 | CVE-2024-10232 | The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atomchat shortcode in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |