Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-22 | CVE-2024-0606 | Cross-site Scripting vulnerability in Mozilla Firefox Focus An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. | 6.1 |
| 2024-01-21 | CVE-2024-23725 | Cross-site Scripting vulnerability in Ghost Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. | 6.1 |
| 2024-01-20 | CVE-2023-7063 | Cross-site Scripting vulnerability in Wpforms The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-01-19 | CVE-2024-0758 | Cross-site Scripting vulnerability in Ipb-Halle Molecularfaces MolecularFaces before 0.3.0 is vulnerable to cross site scripting. | 6.1 |
| 2024-01-19 | CVE-2024-22420 | Cross-site Scripting vulnerability in multiple products JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. | 6.1 |
| 2024-01-19 | CVE-2024-0726 | Cross-site Scripting vulnerability in Projectworlds Student Project Allocation System 1.0 A vulnerability was found in Project Worlds Student Project Allocation System 1.0. | 6.1 |
| 2024-01-19 | CVE-2023-51946 | Cross-site Scripting vulnerability in Actidata Actinas SL 2U-8 RDX Firmware 3.2.03 Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML. | 6.1 |
| 2024-01-19 | CVE-2024-22876 | Cross-site Scripting vulnerability in Strangebee Thehive StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL. | 5.4 |
| 2024-01-19 | CVE-2024-22877 | Cross-site Scripting vulnerability in Strangebee Thehive 5.2.0/5.2.8 StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. | 5.4 |
| 2024-01-19 | CVE-2024-23659 | Cross-site Scripting vulnerability in Spip SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. | 6.1 |