Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-02-02 CVE-2024-23553 Cross-site Scripting vulnerability in Hcltech Bigfix Platform
A cross-site scripting (XSS) vulnerability exists in the Web Reports component of HCL BigFix Platform due to a missing specific HTTP header attribute.
network
low complexity
hcltech CWE-79
5.4
2024-02-02 CVE-2023-37527 Cross-site Scripting vulnerability in Hcltech Bigfix Platform
A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code in the application session or in the database, via remote injection, while rendering content in a web page.
network
low complexity
hcltech CWE-79
6.1
2024-02-02 CVE-2024-23635 Cross-site Scripting vulnerability in Antisamy Project Antisamy
AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources.
network
low complexity
antisamy-project CWE-79
6.1
2024-02-02 CVE-2023-47561 Cross-site Scripting vulnerability in Qnap Photo Station 6.4.0
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station.
network
low complexity
qnap CWE-79
5.4
2024-02-02 CVE-2024-24160 Cross-site Scripting vulnerability in Mrcms 3.0
MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do.
network
low complexity
mrcms CWE-79
5.4
2024-02-02 CVE-2024-0963 Cross-site Scripting vulnerability in Codepeople Calculated Fields Form
The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on the user-supplied 'location' attribute.
network
low complexity
codepeople CWE-79
5.4
2024-02-02 CVE-2023-51072 Cross-site Scripting vulnerability in Nagios XI
A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI versions up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section.
network
low complexity
nagios CWE-79
5.4
2024-02-02 CVE-2024-23895 Cross-site Scripting vulnerability in Ajaysharma Cups Easy 1.0
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/locationcreate.php, in the locationid parameter.
network
low complexity
ajaysharma CWE-79
6.1
2024-02-02 CVE-2024-24388 Cross-site Scripting vulnerability in Xunruicms
A cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and earlier allows remote attackers to obtain sensitive information via crafted malicious requests to the background login.
network
low complexity
xunruicms CWE-79
6.1
2024-02-02 CVE-2024-1143 Cross-site Scripting vulnerability in Linecorp Central Dogma
Central Dogma versions prior to 0.64.1 are vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass.
network
low complexity
linecorp CWE-79
6.1