Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-02-09 CVE-2024-25109 Cross-site Scripting vulnerability in Miraheze Managewiki 20210428
ManageWiki is a MediaWiki extension allowing users to manage wikis.
network
low complexity
miraheze CWE-79
5.4
5.4
2024-02-09 CVE-2024-1245 Cross-site Scripting vulnerability in Concretecms Concrete CMS
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page.
network
low complexity
concretecms CWE-79
4.8
4.8
2024-02-09 CVE-2024-1246 Cross-site Scripting vulnerability in Concretecms Concrete CMS
Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data.
network
low complexity
concretecms CWE-79
4.8
4.8
2024-02-09 CVE-2024-1247 Cross-site Scripting vulnerability in Concretecms Concrete CMS
Concrete CMS version 9 before 9.2.5 is vulnerable to  stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page.
network
low complexity
concretecms CWE-79
4.8
4.8
2024-02-09 CVE-2024-22119 Cross-site Scripting vulnerability in Zabbix
The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section.
network
low complexity
zabbix CWE-79
5.4
5.4
2024-02-09 CVE-2023-31506 Cross-site Scripting vulnerability in Getgrav Grav
A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element.
network
low complexity
getgrav CWE-79
5.4
5.4
2024-02-09 CVE-2023-39683 Cross-site Scripting vulnerability in Zalify Easy Email
Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before allows a local attacker to execute arbitrary code via the user input parameter(s).
network
low complexity
zalify CWE-79
6.1
6.1
2024-02-09 CVE-2024-0657 Cross-site Scripting vulnerability in Internallinkjuicer Internal Link Juicer
The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'ilj_settings_field_links_per_page' in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping.
network
low complexity
internallinkjuicer CWE-79
4.8
4.8
2024-02-08 CVE-2023-40262 Cross-site Scripting vulnerability in Unify Openscape Voice Trace Manager V8
An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11.
network
low complexity
unify CWE-79
6.1
6.1
2024-02-08 CVE-2023-51630 Cross-site Scripting vulnerability in Paessler Prtg Network Monitor
Paessler PRTG Network Monitor Cross-Site Scripting Authentication Bypass Vulnerability.
network
low complexity
paessler CWE-79
6.1
6.1