Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-01-16 CVE-2024-0554 Cross-site Scripting vulnerability in Xantech Wic1200 Firmware 1.1
A Cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1.
network
low complexity
xantech CWE-79
5.4
5.4
2024-01-16 CVE-2023-41619 Cross-site Scripting vulnerability in Emlog 2.1.14
Emlog Pro v2.1.14 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/article.php?action=write.
network
low complexity
emlog CWE-79
6.1
6.1
2024-01-16 CVE-2023-48104 Cross-site Scripting vulnerability in Alinto Sogo
Alinto SOGo before 5.9.1 is vulnerable to HTML Injection.
network
low complexity
alinto CWE-79
6.1
6.1
2024-01-15 CVE-2023-4925 Cross-site Scripting vulnerability in Yikesinc Easy Forms for Mailchimp
The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
network
low complexity
yikesinc CWE-79
4.8
4.8
2024-01-15 CVE-2023-6050 Cross-site Scripting vulnerability in Estatik
The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
network
low complexity
estatik CWE-79
6.1
6.1
2024-01-15 CVE-2023-6163 Cross-site Scripting vulnerability in Themeum WP Crowdfunding
The WP Crowdfunding WordPress plugin before 2.1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
network
low complexity
themeum CWE-79
4.8
4.8
2024-01-15 CVE-2023-6941 Cross-site Scripting vulnerability in Keap Official Opt-In Forms 1.0.11
The Keap Official Opt-in Forms WordPress plugin through 1.0.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).
network
low complexity
keap CWE-79
4.8
4.8
2024-01-13 CVE-2024-0251 Cross-site Scripting vulnerability in Advanced-Woo-Search Advanced WOO Search
The Advanced Woo Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization and output escaping.
network
low complexity
advanced-woo-search CWE-79
6.1
6.1
2024-01-13 CVE-2024-0476 Cross-site Scripting vulnerability in PHPgurukul Blood Bank & Donor Management System 1.0
A vulnerability, which was classified as problematic, was found in Blood Bank & Donor Management 1.0.
network
low complexity
phpgurukul CWE-79
4.8
4.8
2024-01-13 CVE-2023-51063 Cross-site Scripting vulnerability in Qstar Archive Storage Manager 30
QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based Reflected Cross Site Scripting (XSS) vulnerability within the component qnme-ajax?method=tree_level.
network
low complexity
qstar CWE-79
8.8
8.8