Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-29 | CVE-2023-5956 | Cross-site Scripting vulnerability in Markusbegerow Wp-Adv-Quiz 1.0.2 The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
| 2024-01-29 | CVE-2023-6165 | Cross-site Scripting vulnerability in Benaceur-PHP Restrict Usernames Emails Characters The Restrict Usernames Emails Characters WordPress plugin before 3.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 4.8 |
| 2024-01-29 | CVE-2023-6278 | Cross-site Scripting vulnerability in Biteship The Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo WordPress plugin before 2.2.25 does not sanitise and escape the biteship_error and biteship_message parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
| 2024-01-29 | CVE-2023-6530 | Cross-site Scripting vulnerability in Theme-Junkie TJ Shortcodes The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
| 2024-01-29 | CVE-2023-7089 | Cross-site Scripting vulnerability in Benjaminzekavica Easy SVG Support 1.0 The Easy SVG Allow WordPress plugin through 1.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | 5.4 |
| 2024-01-29 | CVE-2023-7200 | Cross-site Scripting vulnerability in Myeventon Eventon The EventON WordPress plugin before 4.4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
| 2024-01-29 | CVE-2024-22559 | Cross-site Scripting vulnerability in Lightcms Project Lightcms 2.0 LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field. | 5.4 |
| 2024-01-29 | CVE-2023-5378 | Cross-site Scripting vulnerability in multiple products Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS.This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2. MegaBIP 5.08 was tested and is not vulnerable. | 5.4 |
| 2024-01-28 | CVE-2024-23782 | Cross-site Scripting vulnerability in Appleple A-Blog CMS Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. | 5.4 |
| 2024-01-27 | CVE-2023-48201 | Cross-site Scripting vulnerability in Sunlight-Cms Sunlight CMS 8.0.1 Cross Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1, allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text editor component. | 5.4 |