Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2024-01-25 | CVE-2023-52046 | Cross-site Scripting vulnerability in Webmin | Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field. | network, low complexity, webmin, CWE-79, 4.8 |
| 2024-01-25 | CVE-2024-22635 | Cross-site Scripting vulnerability in Webcalendar Project Webcalendar 1.3.0 | WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php. | network, low complexity, webcalendar-project, CWE-79, 6.1 |
| 2024-01-25 | CVE-2024-22637 | Cross-site Scripting vulnerability in Formtools Form Tools 3.1.1 | Form Tools v3.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /form_builder/preview.php?form_id=2. | network, low complexity, formtools, CWE-79, 6.1 |
| 2024-01-25 | CVE-2024-22639 | Cross-site Scripting vulnerability in Igalerie 3.0.22 | iGalerie v3.0.22 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Titre (Title) field in the editing interface. | network, low complexity, igalerie, CWE-79, 6.1 |
| 2024-01-25 | CVE-2024-23817 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 18.0.4 | Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. | network, low complexity, dolibarr, CWE-79, 6.1 |
| 2024-01-25 | CVE-2024-23855 | Cross-site Scripting vulnerability in Ajaysharma Cups Easy 1.0 | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodemodify.php, in multiple parameters. | network, low complexity, ajaysharma, CWE-79, 6.1 |
| 2024-01-25 | CVE-2023-6282 | Cross-site Scripting vulnerability in Icehrm 23.0.0.Os | IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileupload_page.php, in multiple parameters. | network, low complexity, icehrm, CWE-79, 6.1 |
| 2024-01-25 | CVE-2023-33758 | Cross-site Scripting vulnerability in Splicecom Maximiser Soft PBX | Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the CLIENT_NAME and DEVICE_GUID fields in the login component. | network, low complexity, splicecom, CWE-79, 6.1 |
| 2024-01-25 | CVE-2024-0625 | Cross-site Scripting vulnerability in Wpfront Notification BAR | The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpfront-notification-bar-options[custom_class]’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. | network, low complexity, wpfront, CWE-79, 4.8 |
| 2024-01-25 | CVE-2024-0688 | Cross-site Scripting vulnerability in Pubsubhubbub Websub | The "WebSub (FKA. | network, low complexity, pubsubhubbub, CWE-79, 4.8 |