Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-07 | CVE-2024-1377 | Cross-site Scripting vulnerability in Leevio Happy Addons for Elementor The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author_meta_tag’ attribute of the Author Meta widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-03-07 | CVE-2024-1720 | Cross-site Scripting vulnerability in Wpuserregistration User Registration & Membership The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-03-07 | CVE-2024-1761 | Cross-site Scripting vulnerability in Ninjateam WP Chat APP The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'buttonColor' and 'phoneNumber'. | 5.4 |
| 2024-03-07 | CVE-2024-28095 | Cross-site Scripting vulnerability in Schoolbox 21.0.2 News functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users. | 5.4 |
| 2024-03-07 | CVE-2024-28096 | Cross-site Scripting vulnerability in Schoolbox 21.0.2 Class functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users. | 5.4 |
| 2024-03-07 | CVE-2024-28097 | Cross-site Scripting vulnerability in Schoolbox 21.0.2 Calendar functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users. | 5.4 |
| 2024-03-06 | CVE-2023-50167 | Cross-site Scripting vulnerability in Pega Platform Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with editing/rendering user html content. | 6.1 |
| 2024-03-06 | CVE-2024-28153 | Cross-site Scripting vulnerability in Jenkins Owasp Dependency-Check Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability. | 5.4 |
| 2024-03-06 | CVE-2024-28156 | Cross-site Scripting vulnerability in Jenkins Build Monitor View Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure Build Monitor Views. | 5.4 |
| 2024-03-06 | CVE-2023-49971 | Cross-site Scripting vulnerability in Oretnom23 Customer Support System 1.0 A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customer_support/index.php?page=customer_list. | 6.1 |