Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-02-09 | CVE-2024-1247 | Cross-site Scripting vulnerability in Concretecms Concrete CMS | Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. | 4.8 |
2024-02-09 | CVE-2024-22119 | Cross-site Scripting vulnerability in Zabbix | The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section. | 5.4 |
2024-02-09 | CVE-2023-31506 | Cross-site Scripting vulnerability in Getgrav Grav | A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element. | 5.4 |
2024-02-09 | CVE-2023-39683 | Cross-site Scripting vulnerability in Zalify Easy Email | Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before allows a local attacker to execute arbitrary code via the user input parameter(s). | 6.1 |
2024-02-09 | CVE-2024-0657 | Cross-site Scripting vulnerability in Internallinkjuicer Internal Link Juicer | The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'ilj_settings_field_links_per_page' in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. | 4.8 |
2024-02-08 | CVE-2023-40262 | Cross-site Scripting vulnerability in Unify Openscape Voice Trace Manager V8 | An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. | 6.1 |
2024-02-08 | CVE-2023-51630 | Cross-site Scripting vulnerability in Paessler Prtg Network Monitor | Paessler PRTG Network Monitor Cross-Site Scripting Authentication Bypass Vulnerability. | 6.1 |
2024-02-08 | CVE-2023-49101 | Cross-site Scripting vulnerability in Axigen Mobile Webmail | WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates. | 6.1 |
2024-02-08 | CVE-2024-24494 | Cross-site Scripting vulnerability in Remyandrade Daily Habit Tracker 1.0 | Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php components. | 6.1 |
2024-02-08 | CVE-2024-24115 | Cross-site Scripting vulnerability in Cotonti Siena 0.9.24 | A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 |