Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-11 | CVE-2023-6994 | Cross-site Scripting vulnerability in Fernandobriano List Category Posts The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.89.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-01-11 | CVE-2023-7070 | Cross-site Scripting vulnerability in Jannisthuemmig Email Encoder 2.1.8/2.1.9 The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eeb_mailto shortcode in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-01-11 | CVE-2023-7071 | Cross-site Scripting vulnerability in Wpdeveloper Essential Blocks The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 4.4.6 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-01-11 | CVE-2023-6446 | Cross-site Scripting vulnerability in Dwbooster Calculated Fields Form The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.40 due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-01-11 | CVE-2022-40361 | Cross-site Scripting vulnerability in Elitecms Elite CMS 1.2.11 Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint. | 6.1 |
| 2024-01-11 | CVE-2023-52274 | Cross-site Scripting vulnerability in Yzmcms 7.0 member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header. | 6.1 |
| 2024-01-11 | CVE-2024-22195 | Cross-site Scripting vulnerability in Palletsprojects Jinja Jinja is an extensible templating engine. | 6.1 |
| 2024-01-10 | CVE-2023-47861 | Cross-site Scripting vulnerability in Wwbn Avideo 11.6/15Fed957Fb A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. | 5.4 |
| 2024-01-10 | CVE-2023-48728 | Cross-site Scripting vulnerability in Wwbn Avideo 11.6/3C6Bb3Ff A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. | 6.1 |
| 2024-01-10 | CVE-2023-48730 | Cross-site Scripting vulnerability in Wwbn Avideo 15Fed957Fb A cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. | 5.4 |