Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-03-02 | CVE-2024-0378 | Cross-site Scripting vulnerability in Jordymeow AI Engine. The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI chat data when discussion tracking is enabled in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. | 6.1 |
2024-03-02 | CVE-2024-1775 | Cross-site Scripting vulnerability in Nextendweb Nextend Social Login. The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the ‘error_description’ parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping. | 5.4 |
2024-03-01 | CVE-2024-25436 | Cross-site Scripting vulnerability in SFU Open Journal Systems 3.3. A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function. | 6.1 |
2024-02-29 | CVE-2024-25292 | Cross-site Scripting vulnerability in Martinbarker Rendertune 1.1.4. Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Upload Title parameter. | 9.6 |
2024-02-29 | CVE-2024-1977 | Cross-site Scripting vulnerability in Josephlopreste Restaurant Solutions - Checklist 1.0.0. The Restaurant Solutions – Checklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Checklist points in version 1.0.0 due to insufficient input sanitization and output escaping. | 4.8 |
2024-02-29 | CVE-2024-1341 | Cross-site Scripting vulnerability in Tinywebgallery Advanced Iframe. The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advanced_iframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additional_js attribute. | 5.4 |
2024-02-29 | CVE-2024-0689 | Cross-site Scripting vulnerability in Custom Field Suite Project Custom Field Suite. The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a meta import in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the meta values. | 4.8 |
2024-02-29 | CVE-2023-51800 | Cross-site Scripting vulnerability in School Fees Management System Project School Fees Management System 1.0. Cross Site Scripting (XSS) vulnerability in School Fees Management System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the main_settings component in the phone, address, bank, acc_name, acc_number parameters, new_class and cname parameter, add_new_parent function in the name email parameters, new_term function in the tname parameter, and the edit_student function in the name parameter. | 5.4 |
2024-02-29 | CVE-2023-51802 | Cross-site Scripting vulnerability in Oretnom23 Simple Student Attendance System 1.0. Cross Site Scripting (XSS) vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the page or class_month parameter in the /php-attendance/attendance_report component. | 6.1 |
2024-02-29 | CVE-2024-21724 | Cross-site Scripting vulnerability in Joomla Joomla! Inadequate input validation for media selection fields leads to XSS vulnerabilities in various extensions. | 6.1 |