Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-29 | CVE-2024-1447 | Cross-site Scripting vulnerability in Athemes Sydney Toolbox The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied link. | 5.4 |
| 2024-02-29 | CVE-2024-1519 | Cross-site Scripting vulnerability in Properfraction Profilepress The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-02-29 | CVE-2024-1570 | Cross-site Scripting vulnerability in Properfraction Profilepress The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login-password shortcode in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-02-29 | CVE-2023-6806 | Cross-site Scripting vulnerability in Squirrly Starbox The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Settings user profile fields in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-02-29 | CVE-2023-7108 | Cross-site Scripting vulnerability in Fabianros E-Commerce Website 1.0 A vulnerability classified as problematic has been found in code-projects E-Commerce Website 1.0. | 6.1 |
| 2024-02-29 | CVE-2023-48650 | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name. | 4.8 |
| 2024-02-29 | CVE-2023-49337 | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS before 9.2.3 allows Stored XSS on the Admin Dashboard via /dashboard/system/basics/name. | 4.8 |
| 2024-02-29 | CVE-2023-37529 | Cross-site Scripting vulnerability in Hcltech Bigfix Platform A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information. | 5.4 |
| 2024-02-29 | CVE-2023-37530 | Cross-site Scripting vulnerability in Hcltech Bigfix Platform A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information. | 5.4 |
| 2024-02-29 | CVE-2023-37531 | Cross-site Scripting vulnerability in Hcltech Bigfix Platform A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a form field of a webpage by a user with privileged access. | 4.8 |