Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-30 | CVE-2024-8792 | Cross-site Scripting vulnerability in Markjaquith Subscribe to Comments The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. | 6.1 |
| 2024-10-30 | CVE-2024-9884 | The T(-) Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tminus' shortcode in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2024-10-30 | CVE-2024-9885 | The Widget or Sidebar Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sidebar' shortcode in all versions up to, and including, 0.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2024-10-30 | CVE-2024-10503 | Cross-site Scripting vulnerability in Klokantech Maptiler Tileserver GL 2.3.1 A vulnerability was found in Klokan MapTiler tileserver-gl 2.3.1 and classified as problematic. | 6.1 |
| 2024-10-29 | CVE-2024-50348 | Cross-site Scripting vulnerability in Instantcms InstantCMS is a free and open source content management system. | 5.4 |
| 2024-10-29 | CVE-2024-10226 | Cross-site Scripting vulnerability in Tychesoftwares Arconix Shortcodes The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 2.1.13 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-10-29 | CVE-2024-47640 | Cross-site Scripting vulnerability in Wedevs WP ERP Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs WP ERP allows Reflected XSS.This issue affects WP ERP: from n/a through 1.13.2. | 6.1 |
| 2024-10-29 | CVE-2024-49632 | Cross-site Scripting vulnerability in Coralwebdesign CWD 3D Image Gallery Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Coral Web Design CWD 3D Image Gallery allows Reflected XSS.This issue affects CWD 3D Image Gallery: from n/a through 1.0. | 6.1 |
| 2024-10-29 | CVE-2024-49634 | Cross-site Scripting vulnerability in Rimonhabib BP Member Type Manager Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rimon Habib BP Member Type Manager allows Reflected XSS.This issue affects BP Member Type Manager: from n/a through 1.01. | 6.1 |
| 2024-10-29 | CVE-2024-51075 | Cross-site Scripting vulnerability in PHPgurukul Online DJ Booking Management System 1.0 A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/user-search.php in PHPGurukul Online DJ Booking Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata parameter. | 6.1 |