Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-16 | CVE-2023-52068 | Cross-site Scripting vulnerability in Kodcloud Kodbox 1.43: kodbox v1.43 was discovered to contain a cross-site scripting (XSS) vulnerability via the operation and login logs. | 6.1 |
2024-01-16 | CVE-2024-22491 | Cross-site Scripting vulnerability in Beetl-Bbs Project Beetl-Bbs 2.0: A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the post/save content parameter. | 5.4 |
2024-01-16 | CVE-2021-24432 | Cross-site Scripting vulnerability in Berocket Advanced Ajax Product Filters: The Advanced AJAX Product Filters WordPress plugin does not sanitise the 'term_id' POST parameter before outputting it in the page, leading to reflected Cross-Site Scripting issue. | 6.1 |
2024-01-16 | CVE-2021-24433 | Cross-site Scripting vulnerability in Yukimichi Simple Sort&Search 0.0.3: The simple sort&search WordPress plugin through 0.0.3 does not make sure that the indexurl parameter of the shortcodes "category_sims", "order_sims", "orderby_sims", "period_sims", and "tag_sims" use allowed URL protocols, which can lead to stored cross-site scripting by users with a role as low as Contributor. | 5.4 |
2024-01-16 | CVE-2021-24559 | Cross-site Scripting vulnerability in Patrickposner Qyrr 0.5/0.6: The Qyrr WordPress plugin before 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. | 5.4 |
2024-01-16 | CVE-2021-24567 | Cross-site Scripting vulnerability in Nickmomrik Simple Post 1.1: The Simple Post WordPress plugin through 1.1 does not sanitize user input when an authenticated user Text value, then it does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue. | 5.4 |
2024-01-16 | CVE-2022-0402 | Cross-site Scripting vulnerability in Super-Forms Super Forms: The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected Cross-Site Scripting. | 6.1 |
2024-01-16 | CVE-2022-23179 | Cross-site Scripting vulnerability in Themehunk Contact Form & Lead Form Elementor Builder: The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2024-01-16 | CVE-2022-2413 | Cross-site Scripting vulnerability in Simonpedge Slide Anything: The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged-in user with roles as low as Author to inject a JavaScript payload into the slide title even when the unfiltered_html capability is disabled. | 5.4 |
2024-01-16 | CVE-2022-3194 | Cross-site Scripting vulnerability in Wedevs Dokan: The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary JavaScript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators. | 5.4 |