VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-12-17
CVE-2024-11905
The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animatedcounte' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-17
CVE-2024-11906
The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpg_get_posts' shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-16
CVE-2024-12443
The CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'crm-perks-tickets' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-16
CVE-2024-12664
Cross-site Scripting vulnerability in Ruifang-Tech Rebuild 3.8.5
A vulnerability, which was classified as problematic, has been found in ruifang-tech Rebuild 3.8.5.
network
low complexity
ruifang-tech
CWE-79
5.4
5.4
2024-12-16
CVE-2024-12665
Cross-site Scripting vulnerability in Ruifang-Tech Rebuild 3.8.5
A vulnerability, which was classified as problematic, was found in ruifang-tech Rebuild 3.8.5.
network
low complexity
ruifang-tech
CWE-79
5.4
5.4
2024-12-16
CVE-2024-12641
TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability.
network
low complexity
CWE-79
critical
9.6
9.6
2024-12-14
CVE-2024-11720
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via submission forms in all versions up to, and including, 3.24.5 due to insufficient input sanitization and output escaping on the new Taxonomy form.
network
low complexity
CWE-79
7.2
7.2
2024-12-14
CVE-2024-12446
The Post to Pdf plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gmptp_single_post' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-14
CVE-2024-12628
The bodi0`s Easy cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cache-folder' parameter in all versions up to, and including, 0.8 due to insufficient input sanitization and output escaping.
network
high complexity
CWE-79
4.4
4.4
2024-12-14
CVE-2024-10646
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form's subject parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
7.2
7.2
«
Previous
1
2
...
31
32
33
(current)
34
35
...
1822
1823
»
Next