Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-09 | CVE-2024-0226 | Cross-site Scripting vulnerability in Synopsys Seeker Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerability through a specially crafted payload. | 5.4 |
| 2024-01-09 | CVE-2022-28975 | Cross-site Scripting vulnerability in Infoblox Nios 8.5.2409296 A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field. | 5.4 |
| 2024-01-09 | CVE-2024-22370 | Cross-site Scripting vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible | 5.4 |
| 2024-01-09 | CVE-2023-6148 | Cross-site Scripting vulnerability in Qualys Policy Compliance 1.0.5 Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. | 5.4 |
| 2024-01-09 | CVE-2023-6830 | Cross-site Scripting vulnerability in Strategy11 Formidable Form Builder The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. | 6.1 |
| 2024-01-09 | CVE-2023-6842 | Cross-site Scripting vulnerability in Strategy11 Formidable Form Builder The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field label and description field label parameter in all versions up to 6.7 (inclusive) due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-01-09 | CVE-2023-6594 | Cross-site Scripting vulnerability in Maxfoundry Maxbuttons The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.7.4 due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-01-09 | CVE-2023-26998 | Cross-site Scripting vulnerability in Netscout Ngeniusone 6.3.4 Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page. | 5.4 |
| 2024-01-09 | CVE-2023-27000 | Cross-site Scripting vulnerability in Netscout Ngeniusone 6.3.4 Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the name parameter of the Profile and Exclusion List page(s). | 6.1 |
| 2024-01-08 | CVE-2023-27739 | Cross-site Scripting vulnerability in Easyxdm 2.5 easyXDM 2.5 allows XSS via the xdm_e parameter. | 6.1 |