Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-01-04 CVE-2023-6498 Cross-site Scripting vulnerability in Really-Simple-Plugins Complianz
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 6.5.5 due to insufficient input sanitization and output escaping.
network
low complexity
really-simple-plugins CWE-79
4.8
2024-01-04 CVE-2023-6738 Cross-site Scripting vulnerability in Pagelayer
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagelayer_header_code', 'pagelayer_body_open_code', and 'pagelayer_footer_code' meta fields in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
pagelayer CWE-79
5.4
2024-01-03 CVE-2023-5880 Cross-site Scripting vulnerability in Geniecompany Aladdin Connect Garage Door Opener Firmware
When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode, the web server's “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client-side JavaScript and/or HTML.
network
low complexity
geniecompany CWE-79
8.8
2024-01-03 CVE-2024-21908 Cross-site Scripting vulnerability in Tiny Tinymce
TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability.
network
low complexity
tiny CWE-79
6.1
2024-01-03 CVE-2024-21910 Cross-site Scripting vulnerability in Tiny Tinymce
TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability.
network
low complexity
tiny CWE-79
6.1
2024-01-03 CVE-2024-21911 Cross-site Scripting vulnerability in Tiny Tinymce
TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability.
network
low complexity
tiny CWE-79
6.1
2024-01-03 CVE-2023-50092 Cross-site Scripting vulnerability in Apiida API Gateway Manager 2023.02.02
APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting (XSS).
network
low complexity
apiida CWE-79
6.1
2024-01-03 CVE-2023-6621 Cross-site Scripting vulnerability in Wpexperts Post Smtp
The POST SMTP WordPress plugin before 2.8.7 does not sanitise and escape the msg parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
network
low complexity
wpexperts CWE-79
6.1
2024-01-03 CVE-2023-6747 Cross-site Scripting vulnerability in Fooplugins Foogallery
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attributes in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping.
network
low complexity
fooplugins CWE-79
5.4
2024-01-03 CVE-2023-6986 Cross-site Scripting vulnerability in Wpdeveloper Embedpress
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed_oembed_html shortcode in all versions up to 3.9.5 (exclusive) due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
wpdeveloper CWE-79
5.4