Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-20 | CVE-2024-26140 | Cross-site Scripting vulnerability in Yetanalytics LRS and SQL LRS com.yetanalytics/lrs is the Yet Analytics Core LRS Library. | 6.1 |
| 2024-02-20 | CVE-2023-51447 | Cross-site Scripting vulnerability in Decidim Decidim is a participatory democracy framework. | 5.4 |
| 2024-02-20 | CVE-2024-25973 | Cross-site Scripting vulnerability in Frentix Openolat The Frentix GmbH OpenOlat LMS is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities. An attacker with rights to create or edit groups can create a course with a name that contains an XSS payload. | 5.4 |
| 2024-02-20 | CVE-2024-1559 | Cross-site Scripting vulnerability in Ylefebvre Link Library The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'll_reciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-02-20 | CVE-2024-1510 | Cross-site Scripting vulnerability in Getshortcodes Shortcodes Ultimate The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_tooltip shortcode in all versions up to, and including, 7.0.2 due to insufficient input sanitization and output escaping on user supplied attributes and user supplied tags. | 5.4 |
| 2024-02-19 | CVE-2024-25640 | Cross-site Scripting vulnerability in Dfir-Iris Iris Iris is a web collaborative platform that helps incident responders share technical details during investigations. | 5.4 |
| 2024-02-19 | CVE-2024-26318 | Cross-site Scripting vulnerability in Serenity Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character. | 6.1 |
| 2024-02-17 | CVE-2024-25297 | Cross-site Scripting vulnerability in Bludit 3.15.0 Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php. | 4.8 |
| 2024-02-16 | CVE-2024-21984 | Cross-site Scripting vulnerability in Netapp Storagegrid StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult to exploit Reflected Cross-Site Scripting (XSS) vulnerability. | 6.9 |
| 2024-02-16 | CVE-2024-25627 | Cross-site Scripting vulnerability in ALF Alf.io is a free and open source event attendance management system. | 4.8 |