Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-07 | CVE-2024-24131 | Cross-site Scripting vulnerability in Superwebmailer 9.31.0.01799: SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component api.php. | 6.1 |
2024-02-07 | CVE-2023-40355 | Cross-site Scripting vulnerability in Axigen Mobile Webmail: Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions. | 5.4 |
2024-02-07 | CVE-2024-0977 | Cross-site Scripting vulnerability in Coolplugins Timeline Widget for Elementor: The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-02-07 | CVE-2024-1037 | Cross-site Scripting vulnerability in Updraftplus All-In-One Security: The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. | 6.1 |
2024-02-07 | CVE-2024-1055 | Cross-site Scripting vulnerability in Ideabox Powerpack Addons for Elementor: The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's buttons in all versions up to, and including, 2.7.14 due to insufficient input sanitization and output escaping on user supplied URL values. | 5.4 |
2024-02-07 | CVE-2024-0256 | Cross-site Scripting vulnerability in Squirrly Starbox: The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. | 5.4 |
2024-02-07 | CVE-2024-0955 | Cross-site Scripting vulnerability in Tenable Nessus: A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts. | 4.8 |
2024-02-07 | CVE-2024-1265 | Cross-site Scripting vulnerability in Codeastro University Management System 1.0: A vulnerability classified as problematic has been found in CodeAstro University Management System 1.0. | 4.8 |
2024-02-06 | CVE-2023-40143 | Cross-site Scripting vulnerability in Westermo L206-F2G Firmware 4.24: An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter. | 5.4 |
2024-02-06 | CVE-2023-42765 | Cross-site Scripting vulnerability in Westermo L206-F2G Firmware 4.24: An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration. | 5.4 |