Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-29 | CVE-2023-41165 | Cross-site Scripting vulnerability in Stormshield Network Security An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. | 4.8 |
| 2024-02-28 | CVE-2024-21798 | Cross-site Scripting vulnerability in Elecom products ELECOM wireless LAN routers contain a cross-site scripting vulnerability. | 4.8 |
| 2024-02-28 | CVE-2024-25435 | Cross-site Scripting vulnerability in Md1Health Md1Patient 1.16.0/2.0.0 A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter. | 6.1 |
| 2024-02-28 | CVE-2024-27285 | Cross-site Scripting vulnerability in multiple products YARD is a Ruby Documentation tool. | 6.1 |
| 2024-02-28 | CVE-2024-27103 | Cross-site Scripting vulnerability in Pinterest Querybook Querybook is a Big Data Querying UI. | 6.1 |
| 2024-02-28 | CVE-2024-1808 | Cross-site Scripting vulnerability in Getshortcodes Shortcodes Ultimate The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_qrcode' shortcode in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-02-28 | CVE-2024-1636 | Cross-site Scripting vulnerability in Progress Sitefinity Potential Cross-Site Scripting (XSS) in the page editing area. | 5.4 |
| 2024-02-27 | CVE-2024-26143 | Cross-site Scripting vulnerability in Rubyonrails Rails Rails is a web-application framework. | 6.1 |
| 2024-02-27 | CVE-2023-7115 | Cross-site Scripting vulnerability in Pagelayer The Page Builder: Pagelayer WordPress plugin before 1.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
| 2024-02-27 | CVE-2024-1323 | Cross-site Scripting vulnerability in Themeisle Orbit FOX The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |