Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-28 | CVE-2024-31137 | Cross-site Scripting vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration | 6.1 |
| 2024-03-28 | CVE-2024-31138 | Cross-site Scripting vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings | 5.4 |
| 2024-03-28 | CVE-2023-6371 | Cross-site Scripting vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. | 5.4 |
| 2024-03-28 | CVE-2024-2091 | Cross-site Scripting vulnerability in Webtechstreet Elementor Addon Elements The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.13.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 4.6 |
| 2024-03-28 | CVE-2024-2111 | Cross-site Scripting vulnerability in Pixelite Events Manager The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the physical location value in all versions up to, and including, 6.4.7.1 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-03-27 | CVE-2024-29891 | Cross-site Scripting vulnerability in Zitadel ZITADEL users can upload their own avatar image and various image types are allowed. | 8.7 |
| 2024-03-27 | CVE-2024-28852 | Cross-site Scripting vulnerability in Ampache Ampache is a web based audio/video streaming application and file manager. | 6.1 |
| 2024-03-27 | CVE-2024-28853 | Cross-site Scripting vulnerability in Ampache Ampache is a web based audio/video streaming application and file manager. | 5.9 |
| 2024-03-27 | CVE-2024-2120 | Cross-site Scripting vulnerability in Elementor Website Builder The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Navigation widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-03-27 | CVE-2024-2139 | Cross-site Scripting vulnerability in Master-Addons Master Addons The Master Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in all versions up to, and including, 2.0.5.6 due to insufficient input sanitization and output escaping. | 5.4 |