Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-01-29 | CVE-2024-22570 | Cross-site Scripting vulnerability in Njtech Greencms 2.3 | A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 |
2024-01-29 | CVE-2024-24136 | Cross-site Scripting vulnerability in Remyandrade Math Game 1.0 | The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks. | 6.1 |
2024-01-29 | CVE-2024-24134 | Cross-site Scripting vulnerability in Remyandrade Online Food Menu 1.0 | Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section. | 4.8 |
2024-01-29 | CVE-2024-24135 | Cross-site Scripting vulnerability in Remyandrade Product Inventory With Export to Excel 1.0 | Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks. | 6.1 |
2024-01-29 | CVE-2024-1010 | Cross-site Scripting vulnerability in Employee Management System Project Employee Management System 1.0 | A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. | 5.4 |
2024-01-29 | CVE-2023-5124 | Cross-site Scripting vulnerability in Pagelayer | The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfiltered_html is disallowed, such as in multi-site WordPress configurations. | 4.8 |
2024-01-29 | CVE-2023-5943 | Cross-site Scripting vulnerability in Markusbegerow Wp-Adv-Quiz 1.0.2 | The Wp-Adv-Quiz WordPress plugin before 1.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 4.8 |
2024-01-29 | CVE-2023-5956 | Cross-site Scripting vulnerability in Markusbegerow Wp-Adv-Quiz 1.0.2 | The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2024-01-29 | CVE-2023-6165 | Cross-site Scripting vulnerability in Benaceur-PHP Restrict Usernames Emails Characters | The Restrict Usernames Emails Characters WordPress plugin before 3.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 4.8 |
2024-01-29 | CVE-2023-6278 | Cross-site Scripting vulnerability in Biteship | The Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo WordPress plugin before 2.2.25 does not sanitise and escape the biteship_error and biteship_message parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 6.1 |