Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-03-13 | CVE-2023-4839 | Cross-site Scripting vulnerability in Codecabin WP GO Maps | The WP Go Maps for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping. | 4.8 |
2024-03-13 | CVE-2024-1582 | Cross-site Scripting vulnerability in Codecabin WP GO Maps | The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgmza' shortcode in all versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-03-12 | CVE-2024-1397 | Cross-site Scripting vulnerability in Hasthemes HT Mega | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on the 'titleTag' user supplied attributes. | 5.4 |
2024-03-12 | CVE-2024-1421 | Cross-site Scripting vulnerability in Hasthemes HT Mega | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘border_type’ attribute of the Post Carousel widget in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. | 5.4 |
2024-03-12 | CVE-2024-0386 | Cross-site Scripting vulnerability in Weformspro Weforms | The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping. | 6.1 |
2024-03-12 | CVE-2023-42307 | Cross-site Scripting vulnerability in Code-Projects Exam Form Submission 1.0 | Cross Site Scripting (XSS) vulnerability in Code-Projects Exam Form Submission 1.0 allows attackers to run arbitrary code via "Subject Name" and "Subject Code" section. | 6.1 |
2024-03-12 | CVE-2024-28112 | Cross-site Scripting vulnerability in Peering-Manager Peering Manager | Peering Manager is a BGP session management tool. | 4.8 |
2024-03-12 | CVE-2024-21419 | Cross-site Scripting vulnerability in Microsoft Dynamics 365 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 5.4 |
2024-03-12 | CVE-2023-4728 | Cross-site Scripting vulnerability in Ladipage | The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the publish_lp() function hooked via an AJAX action in versions up to, and including, 4.4. | 5.4 |
2024-03-12 | CVE-2024-21584 | Cross-site Scripting vulnerability in Pleasanter | Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. | 6.1 |