Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-23 | CVE-2023-32340 | IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to cross-site scripting. | 4.6 |
| 2025-01-23 | CVE-2023-50309 | IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to stored cross-site scripting. | 6.4 |
| 2025-01-22 | CVE-2024-12477 | The Avada Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.11.11 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-01-22 | CVE-2024-51457 | IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. | 4.4 |
| 2025-01-22 | CVE-2024-13319 | Cross-site Scripting vulnerability in Themify Builder The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.5. | 6.1 |
| 2025-01-22 | CVE-2024-12117 | Cross-site Scripting vulnerability in Gambit Stackable The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter of the Button block in all versions up to, and including, 3.13.11 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-01-22 | CVE-2024-13406 | Cross-site Scripting vulnerability in Icopydoc XML for Google Merchant Center The XML for Google Merchant Center plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'feed_id' parameter in all versions up to, and including, 3.0.11 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-01-22 | CVE-2024-13584 | Cross-site Scripting vulnerability in Videowhisper Picture Gallery The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_pictures' shortcode in all versions up to, and including, 1.5.19 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-01-22 | CVE-2024-13590 | Cross-site Scripting vulnerability in Ayecode Ketchup Shortcodes The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spacer' shortcode in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-01-21 | CVE-2024-11226 | The FireCask Like & Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. | 6.4 |