Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-22 | CVE-2023-6626 | Cross-site Scripting vulnerability in Gravitymaster Product Enquiry for Woocommerce 3.0: The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2024-01-22 | CVE-2023-7170 | Cross-site Scripting vulnerability in Myeventon Rsvp Events: The EventON-RSVP WordPress plugin before 2.9.5 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
2024-01-22 | CVE-2023-7194 | Cross-site Scripting vulnerability in Meris WP Theme Project Meris WP Theme 1.1.2: The Meris WordPress theme through 1.1.2 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
2024-01-22 | CVE-2024-0606 | Cross-site Scripting vulnerability in Mozilla Firefox Focus: An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. | 6.1 |
2024-01-21 | CVE-2024-23725 | Cross-site Scripting vulnerability in Ghost: Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. | 6.1 |
2024-01-20 | CVE-2023-7063 | Cross-site Scripting vulnerability in Wpforms: The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. | 6.1 |
2024-01-19 | CVE-2024-0758 | Cross-site Scripting vulnerability in Ipb-Halle Molecularfaces: MolecularFaces before 0.3.0 is vulnerable to cross-site scripting. | 6.1 |
2024-01-19 | CVE-2024-22420 | Cross-site Scripting vulnerability in multiple products: JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. | 6.1 |
2024-01-19 | CVE-2024-0726 | Cross-site Scripting vulnerability in Projectworlds Student Project Allocation System 1.0: A vulnerability was found in Project Worlds Student Project Allocation System 1.0. | 6.1 |
2024-01-19 | CVE-2023-51946 | Cross-site Scripting vulnerability in Actidata Actinas SL 2U-8 RDX Firmware 3.2.03: Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML. | 6.1 |