Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-03-29 CVE-2024-2113 Cross-site Scripting vulnerability in Ninjaforms Ninja Forms
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0.
network
low complexity
ninjaforms CWE-79
4.3
2024-03-29 CVE-2024-2842 Cross-site Scripting vulnerability in Easy-Appointments Easy Appointments
The Easy Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ea_full_calendar' shortcode in all versions up to, and including, 3.11.18 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
easy-appointments CWE-79
5.4
2024-03-29 CVE-2024-2936 Cross-site Scripting vulnerability in Athemes Sydney Toolbox
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute of widgets in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
athemes CWE-79
5.4
2024-03-29 CVE-2024-2475 Cross-site Scripting vulnerability in Davidlingren Media Library Assistant
The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
davidlingren CWE-79
5.4
2024-03-29 CVE-2024-2841 Cross-site Scripting vulnerability in Themeisle Otter Blocks
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping on user supplied attributes such as 'id'.
network
low complexity
themeisle CWE-79
5.4
2024-03-28 CVE-2024-31137 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03, reflected XSS was possible via Space connection configuration.
network
low complexity
jetbrains CWE-79
6.1
2024-03-28 CVE-2024-31138 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03, XSS was possible via Agent Distribution settings.
network
low complexity
jetbrains CWE-79
5.4
2024-03-28 CVE-2023-6371 Cross-site Scripting vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1.
network
low complexity
gitlab CWE-79
5.4
2024-03-28 CVE-2024-2091 Cross-site Scripting vulnerability in Webtechstreet Elementor Addon Elements
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.13.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
webtechstreet CWE-79
4.6
2024-03-28 CVE-2024-2111 Cross-site Scripting vulnerability in Pixelite Events Manager
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the physical location value in all versions up to, and including, 6.4.7.1 due to insufficient input sanitization and output escaping.
network
low complexity
pixelite CWE-79
5.4