Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-30 | CVE-2023-7225 | Cross-site Scripting vulnerability in Mappresspro Mappress The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-01-30 | CVE-2023-37571 | Cross-site Scripting vulnerability in Softing TH Scope 3.5 Softing TH SCOPE through 3.70 allows XSS. | 6.1 |
| 2024-01-30 | CVE-2023-51843 | Cross-site Scripting vulnerability in Flatlogic React Dashboard 1.4.0 react-dashboard 1.4.0 is vulnerable to Cross Site Scripting (XSS) as httpOnly is not set. | 8.2 |
| 2024-01-29 | CVE-2024-22570 | Cross-site Scripting vulnerability in Njtech Greencms 2.3 A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 |
| 2024-01-29 | CVE-2024-24136 | Cross-site Scripting vulnerability in Remyandrade Math Game 1.0 The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks. | 6.1 |
| 2024-01-29 | CVE-2024-24134 | Cross-site Scripting vulnerability in Remyandrade Online Food Menu 1.0 Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section. | 4.8 |
| 2024-01-29 | CVE-2024-24135 | Cross-site Scripting vulnerability in Remyandrade Product Inventory With Export to Excel 1.0 Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks. | 6.1 |
| 2024-01-29 | CVE-2024-1010 | Cross-site Scripting vulnerability in Employee Management System Project Employee Management System 1.0 A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. | 5.4 |
| 2024-01-29 | CVE-2023-5124 | Cross-site Scripting vulnerability in Pagelayer The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfiltered_html is disallowed, such as in multi-site WordPress configurations. | 4.8 |
| 2024-01-29 | CVE-2023-5943 | Cross-site Scripting vulnerability in Markusbegerow Wp-Adv-Quiz 1.0.2 The Wp-Adv-Quiz WordPress plugin before 1.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 4.8 |