Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-02-22 | CVE-2024-25801 | Cross-site Scripting vulnerability in Skinsoft S-Museum 7.02.3 | SKINsoft S-Museum 7.02.3 allows XSS via the filename of an uploaded file. | 6.1 |
2024-02-22 | CVE-2024-1451 | Cross-site Scripting vulnerability in Gitlab 16.9.0 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1. | 8.7 |
2024-02-21 | CVE-2024-26148 | Cross-site Scripting vulnerability in Pinterest Querybook | Querybook is a user interface for querying big data. | 6.1 |
2024-02-21 | CVE-2024-25898 | Cross-site Scripting vulnerability in Churchcrm 5.5.0 | A XSS vulnerability was found in the ChurchCRM v.5.5.0 functionality, edit your event, where malicious JS or HTML code can be inserted in the Event Sermon field in EventEditor.php. | 6.1 |
2024-02-21 | CVE-2022-45179 | Cross-site Scripting vulnerability in Liveboxcloud Vdesk 018/031 | An issue was discovered in LIVEBOX Collaboration vDesk through v031. | 5.4 |
2024-02-21 | CVE-2024-1474 | Cross-site Scripting vulnerability in Progress WS FTP Server | In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WS_FTP Server administrative interface. | 6.1 |
2024-02-21 | CVE-2023-47795 | Cross-site Scripting vulnerability in Liferay Portal | Stored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a document's “Title” text field. | 5.4 |
2024-02-21 | CVE-2024-1081 | Cross-site Scripting vulnerability in 3Dflipbook 3D Flipbook | The 3D FlipBook – PDF Flipbook WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bookmark feature in all versions up to, and including, 1.15.3 due to insufficient input sanitization and output escaping. | 5.4 |
2024-02-21 | CVE-2024-1676 | Cross-site Scripting vulnerability in multiple products | Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. | 5.4 |
2024-02-21 | CVE-2024-25151 | Cross-site Scripting vulnerability in Liferay Digital Experience Platform and Liferay Portal | The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, which allows remote authenticated users to inject arbitrary web script or HTML via the title of a calendar event or the user's name. | 5.4 |