Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-02-02 CVE-2024-1073 Cross-site Scripting vulnerability in Wp-Slimstat Slimstat Analytics
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filter_array' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping.
network
low complexity
wp-slimstat CWE-79
5.4
5.4
2024-02-02 CVE-2024-21485 Cross-site Scripting vulnerability in Plotly Dash
Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site Scripting (XSS) when the href of the a tag is controlled by an adversary.
network
low complexity
plotly CWE-79
5.4
5.4
2024-02-02 CVE-2023-46344 Cross-site Scripting vulnerability in Solar-Log 2000 Pm+ Firmware 15.10.2019
A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /#ilang=DE&b=c_smartenergy_swgroups in the web portal.
network
low complexity
solar-log CWE-79
5.4
5.4
2024-02-02 CVE-2023-50933 Cross-site Scripting vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection.
network
low complexity
ibm CWE-79
6.1
6.1
2024-02-01 CVE-2024-22927 Cross-site Scripting vulnerability in Eyoucms 1.6.5
Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
network
low complexity
eyoucms CWE-79
6.1
6.1
2024-02-01 CVE-2024-23031 Cross-site Scripting vulnerability in Eyoucms 1.6.5
Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
network
low complexity
eyoucms CWE-79
6.1
6.1
2024-02-01 CVE-2024-23032 Cross-site Scripting vulnerability in Eyoucms 1.6.5
Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
network
low complexity
eyoucms CWE-79
6.1
6.1
2024-02-01 CVE-2024-23033 Cross-site Scripting vulnerability in Eyoucms 1.6.5
Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
network
low complexity
eyoucms CWE-79
6.1
6.1
2024-02-01 CVE-2024-23034 Cross-site Scripting vulnerability in Eyoucms 1.6.5
Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
network
low complexity
eyoucms CWE-79
6.1
6.1
2024-02-01 CVE-2024-24041 Cross-site Scripting vulnerability in Remyandrade Travel Journal Using PHP and Mysql With Source Code 1.0
A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the location parameter at /travel-journal/write-journal.php.
network
low complexity
remyandrade CWE-79
6.1
6.1