Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-12 | CVE-2023-6082 | Cross-site Scripting vulnerability in Chartjs Project Chartjs 2023.2 The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 5.4 |
2024-02-12 | CVE-2023-6591 | Cross-site Scripting vulnerability in Ays-Pro Popup BOX 20.8.7/20.8.8/20.8.9 The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 4.8 |
2024-02-12 | CVE-2023-7233 | Cross-site Scripting vulnerability in TRI Gigpress The GigPress WordPress plugin through 2.3.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2024-02-12 | CVE-2024-0420 | Cross-site Scripting vulnerability in Mappresspro Mappress Maps for Wordpress The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks | 5.4 |
2024-02-12 | CVE-2023-41703 | Cross-site Scripting vulnerability in Open-Xchange Appsuite User ID references at mentions in document comments were not correctly sanitized. | 6.1 |
2024-02-12 | CVE-2023-41704 | Cross-site Scripting vulnerability in Open-Xchange Appsuite Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. | 6.1 |
2024-02-12 | CVE-2023-41708 | Cross-site Scripting vulnerability in Open-Xchange Appsuite References to the "app loader" functionality could contain redirects to unexpected locations. | 5.4 |
2024-02-12 | CVE-2023-47526 | Cross-site Scripting vulnerability in Ays-Pro Chartify 2.0.6 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chart Builder Team Chartify – WordPress Chart Plugin allows Stored XSS. This issue affects Chartify – WordPress Chart Plugin: from n/a through 2.0.6. | 4.8 |
2024-02-12 | CVE-2023-50875 | Cross-site Scripting vulnerability in Automattic Sensei LMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS. This issue affects Sensei LMS – Online Courses, Quizzes, & Learning: from n/a through 4.17.0. | 5.4 |
2024-02-12 | CVE-2024-24927 | Cross-site Scripting vulnerability in Unitedthemes Brooklyn 4.9.7.6 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnitedThemes Brooklyn \| Creative Multi-Purpose Responsive WordPress Theme allows Reflected XSS. This issue affects Brooklyn \| Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6. | 6.1 |