Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-49643 Cross-site Scripting vulnerability in Abdullahirfan Whitelist
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Abdullah Irfan Whitelist allows Reflected XSS.This issue affects Whitelist: from n/a through 3.5.
network
low complexity
abdullahirfan CWE-79
6.1
6.1
2024-10-29 CVE-2024-49645 Cross-site Scripting vulnerability in Soft-Master Affiliate Platform
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ilias Gomatos Affiliate Platform allows Reflected XSS.This issue affects Affiliate Platform: from n/a through 1.4.8.
network
low complexity
soft-master CWE-79
6.1
6.1
2024-10-29 CVE-2024-51180 Cross-site Scripting vulnerability in PHPgurukul Ifsc Code Finder 1.0
A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/index.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via the "searchifsccode" parameter.
network
low complexity
phpgurukul CWE-79
6.1
6.1
2024-10-29 CVE-2024-51181 Cross-site Scripting vulnerability in PHPgurukul Ifsc Code Finder 1.0
A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/admin/profile.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via " searchifsccode" parameter.
network
low complexity
phpgurukul CWE-79
6.1
6.1
2024-10-29 CVE-2024-6581 Cross-site Scripting vulnerability in Lollms Lord of Large Language Models 9.9
A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files.
network
low complexity
lollms CWE-79
critical
 9.0
9.0
2024-10-29 CVE-2024-10181 The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's newsletters_video shortcode in all versions up to, and including, 4.9.9.4 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-10-29 CVE-2024-49651 Cross-site Scripting vulnerability in Mattroyal Woocommerce Maintenance Mode
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Matt Royal WooCommerce Maintenance Mode allows Reflected XSS.This issue affects WooCommerce Maintenance Mode: from n/a through 2.0.1.
network
low complexity
mattroyal CWE-79
6.1
6.1
2024-10-29 CVE-2024-49654 Cross-site Scripting vulnerability in Marianheddesheimer Extra Privacy for Elementor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Marian Heddesheimer Extra Privacy for Elementor allows Reflected XSS.This issue affects Extra Privacy for Elementor: from n/a through 0.1.3.
network
low complexity
marianheddesheimer CWE-79
6.1
6.1
2024-10-29 CVE-2024-49656 Cross-site Scripting vulnerability in Abdullahirfan Documentpress
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Abdullah Irfan DocumentPress allows Reflected XSS.This issue affects DocumentPress: from n/a through 2.1.
network
low complexity
abdullahirfan CWE-79
6.1
6.1
2024-10-29 CVE-2024-49659 Cross-site Scripting vulnerability in Chartscss Coub
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rami Yushuvaev Coub allows Stored XSS.This issue affects Coub: from n/a through 1.4.
network
low complexity
chartscss CWE-79
5.4
5.4