Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-25 | CVE-2024-29179 | Cross-site Scripting vulnerability in PHPmyfaq 3.2.5 phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. | 4.8 |
| 2024-03-25 | CVE-2024-27300 | Cross-site Scripting vulnerability in PHPmyfaq 3.2.5 phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. | 5.4 |
| 2024-03-25 | CVE-2024-28106 | Cross-site Scripting vulnerability in PHPmyfaq 3.2.5 phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. | 5.4 |
| 2024-03-25 | CVE-2024-28108 | Cross-site Scripting vulnerability in PHPmyfaq 3.2.5 phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. | 6.1 |
| 2024-03-23 | CVE-2024-1049 | Cross-site Scripting vulnerability in Godaddy Coblocks The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Widget's in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping on the link value. | 5.4 |
| 2024-03-23 | CVE-2024-2202 | Cross-site Scripting vulnerability in Siteorigin Page Builder The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the legacy Image widget in all versions up to, and including, 2.29.6 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-03-23 | CVE-2024-2468 | Cross-site Scripting vulnerability in Wpdeveloper Embedpress The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress widget 'embedpress_pro_twitch_theme ' attribute in all versions up to, and including, 3.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-03-23 | CVE-2024-2688 | Cross-site Scripting vulnerability in Wpdeveloper Embedpress The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress document widget in all versions up to, and including, 3.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-03-23 | CVE-2024-1697 | Cross-site Scripting vulnerability in Themelocation Custom Woocommerce Checkout Fields Editor The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the save_wcfe_options function in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-03-23 | CVE-2024-2131 | Cross-site Scripting vulnerability in Moveaddons Move Addons for Elementor The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's infobox and button widget in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |