Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-06 | CVE-2023-45222 | Cross-site Scripting vulnerability in Westermo L206-F2G Firmware 4.24 An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter. | 5.4 |
| 2024-02-06 | CVE-2023-45227 | Cross-site Scripting vulnerability in Westermo L206-F2G Firmware 4.24 An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter. | 5.4 |
| 2024-02-06 | CVE-2024-1256 | Cross-site Scripting vulnerability in Ujcms Jspxcms 10.2.0 A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. | 4.3 |
| 2024-02-06 | CVE-2024-1257 | Cross-site Scripting vulnerability in Ujcms Jspxcms 10.2.0 A vulnerability was found in Jspxcms 10.2.0. | 6.1 |
| 2024-02-06 | CVE-2024-22238 | Cross-site Scripting vulnerability in VMWare Aria Operations for Networks Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization. | 4.8 |
| 2024-02-06 | CVE-2024-22241 | Cross-site Scripting vulnerability in VMWare Aria Operations for Networks Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account. | 4.8 |
| 2024-02-06 | CVE-2024-24594 | Cross-site Scripting vulnerability in Clear Clearml A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI. | 5.4 |
| 2024-02-06 | CVE-2024-24937 | Cross-site Scripting vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible | 5.4 |
| 2024-02-05 | CVE-2024-0382 | Cross-site Scripting vulnerability in Bootstrapped WP Recipe Maker The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to unrestricted use of the 'header_tag' attribute. | 5.4 |
| 2024-02-05 | CVE-2024-0384 | Cross-site Scripting vulnerability in Bootstrapped WP Recipe Maker The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Recipe Notes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. | 5.4 |