Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-01-29 CVE-2023-6530 Cross-site Scripting vulnerability in Theme-Junkie TJ Shortcodes
The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
network
low complexity
theme-junkie CWE-79
5.4
2024-01-29 CVE-2023-7089 Cross-site Scripting vulnerability in Benjaminzekavica Easy SVG Support 1.0
The Easy SVG Allow WordPress plugin through 1.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
network
low complexity
benjaminzekavica CWE-79
5.4
2024-01-29 CVE-2023-7200 Cross-site Scripting vulnerability in Myeventon Eventon
The EventON WordPress plugin before 4.4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
network
low complexity
myeventon CWE-79
6.1
2024-01-29 CVE-2024-22559 Cross-site Scripting vulnerability in Lightcms Project Lightcms 2.0
LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field.
network
low complexity
lightcms-project CWE-79
5.4
2024-01-29 CVE-2023-5378 Cross-site Scripting vulnerability in multiple products
Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS. This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2. MegaBIP 5.08 was tested and is not vulnerable.
network
low complexity
megabip smod CWE-79
5.4
2024-01-28 CVE-2024-23782 Cross-site Scripting vulnerability in Appleple A-Blog CMS
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions.
network
low complexity
appleple CWE-79
5.4
2024-01-27 CVE-2023-48201 Cross-site Scripting vulnerability in Sunlight-Cms Sunlight CMS 8.0.1
Cross Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1 allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text editor component.
network
low complexity
sunlight-cms CWE-79
5.4
2024-01-27 CVE-2023-48202 Cross-site Scripting vulnerability in Sunlight-Cms Sunlight CMS 8.0.1
Cross-Site Scripting (XSS) vulnerability in Sunlight CMS 8.0.1 allows an authenticated low-privileged user to escalate privileges via a crafted SVG file in the File Manager component.
network
low complexity
sunlight-cms CWE-79
5.4
2024-01-27 CVE-2024-0618 Cross-site Scripting vulnerability in Fluentforms Contact Form
The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping.
network
low complexity
fluentforms CWE-79
4.8
2024-01-27 CVE-2024-0958 Cross-site Scripting vulnerability in Swapnilsahu Stock Management System 1.0
A vulnerability was found in CodeAstro Stock Management System 1.0 and classified as problematic.
network
low complexity
swapnilsahu CWE-79
5.4