Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2025-01-24 CVE-2024-13354 Cross-site Scripting vulnerability in Cyberchimps Responsive Addons
The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in several widgets in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping.
network
low complexity
cyberchimps CWE-79
5.4
2025-01-24 CVE-2024-13542 Cross-site Scripting vulnerability in Agenceseo WP Google Street View
The WP Google Street View (with 360° virtual tour) & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgsv' shortcode in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
agenceseo CWE-79
5.4
2025-01-24 CVE-2024-13572 Cross-site Scripting vulnerability in Nfusionsolutions Precious Metals Charts and Widgets
The Precious Metals Charts and Widgets for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nfusion-widget' shortcode in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
nfusionsolutions CWE-79
5.4
2025-01-24 CVE-2024-12494 Cross-site Scripting vulnerability in Bmltenabled Meeting MAP
The BMLT Meeting Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bmlt_meeting_map' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
bmltenabled CWE-79
5.4
2025-01-24 CVE-2024-13583 Cross-site Scripting vulnerability in Come2Theweb Simple Gallery With Filter
The Simple Gallery with Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'c2tw_sgwf' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
come2theweb CWE-79
5.4
2025-01-24 CVE-2024-13659 Cross-site Scripting vulnerability in Listamester
The Listamester plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listamester' shortcode in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
listamester CWE-79
5.4
2025-01-23 CVE-2024-57386 Cross-site Scripting vulnerability in Wallosapp Wallos 2.41.0
Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary code via the profile picture function.
network
low complexity
wallosapp CWE-79
6.1
2025-01-23 CVE-2024-57556 Cross-site Scripting vulnerability in Nbubna Store
Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before allows a remote attacker to execute arbitrary code via the store.deep.js component.
network
low complexity
nbubna CWE-79
6.1
2025-01-23 CVE-2025-23227 IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting.
network
low complexity
CWE-79
6.4
2025-01-23 CVE-2024-10539 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Uyumsoft Information Systems Uyumsoft ERP allows XSS Using Invalid Characters, Reflected XSS. This issue affects Uyumsoft ERP: before Erp4.2109.166p45.
network
low complexity
CWE-79
5.5