Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-26 | CVE-2024-27087 | Cross-site Scripting vulnerability in Getkirby Kirby Kirby is a content management system. | 5.4 |
| 2024-02-26 | CVE-2024-1871 | Cross-site Scripting vulnerability in Razormist Employee Management System 1.0 A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. | 5.4 |
| 2024-02-24 | CVE-2024-1810 | Cross-site Scripting vulnerability in Ericteubert Archivist The Archivist – Custom Archive Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode_attributes' parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-02-23 | CVE-2024-1590 | Cross-site Scripting vulnerability in Pagelayer The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-02-22 | CVE-2024-26128 | Cross-site Scripting vulnerability in Basercms baserCMS is a website development framework. | 5.4 |
| 2024-02-22 | CVE-2024-26151 | Cross-site Scripting vulnerability in Felixschwarz Mjml-Python 0.10.0 The `mjml` PyPI package, found at the `FelixSchwarz/mjml-python` GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. | 5.4 |
| 2024-02-22 | CVE-2023-44379 | Cross-site Scripting vulnerability in Basercms baserCMS is a website development framework. | 6.1 |
| 2024-02-22 | CVE-2024-26284 | Cross-site Scripting vulnerability in Mozilla Firefox Focus Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker's website. | 6.1 |
| 2024-02-22 | CVE-2024-0903 | Cross-site Scripting vulnerability in Monsterinsights Userfeedback The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_submitted' 'link' value in all versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-02-22 | CVE-2024-26489 | Cross-site Scripting vulnerability in Flusity 2.33 A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Social block links' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Profile Name text field. | 6.1 |