Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-10-25 CVE-2024-10150 Cross-site Scripting vulnerability in Bamazoo Button Generator 1.0
The Bamazoo – Button Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dgs shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
bamazoo CWE-79
5.4
5.4
2024-10-25 CVE-2024-10342 Cross-site Scripting vulnerability in Tezzeract League of Legends Shortcodes
The League of Legends Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
tezzeract CWE-79
5.4
5.4
2024-10-25 CVE-2024-10148 Cross-site Scripting vulnerability in Sohelwpexpert Awesome Buttons
The Awesome buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn2 shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
sohelwpexpert CWE-79
5.4
5.4
2024-10-25 CVE-2024-47801 Cross-site Scripting vulnerability in multiple products
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser.
network
low complexity
toshibatec sharp CWE-79
6.1
6.1
2024-10-25 CVE-2024-48870 Cross-site Scripting vulnerability in multiple products
Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users.
network
low complexity
toshibatec sharp CWE-79
4.8
4.8
2024-10-25 CVE-2024-9607 Cross-site Scripting vulnerability in 10Web Social Post Feed
The 10Web Social Post Feed plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9.
network
low complexity
10web CWE-79
6.1
6.1
2024-10-24 CVE-2024-10348 Cross-site Scripting vulnerability in Mayurik Best House Rental Management System 1.0
A vulnerability was found in SourceCodester Best House Rental Management System 1.0.
network
low complexity
mayurik CWE-79
5.4
5.4
2024-10-24 CVE-2024-47878 Cross-site Scripting vulnerability in Openrefine
OpenRefine is a free, open source tool for working with messy data.
network
low complexity
openrefine CWE-79
6.1
6.1
2024-10-24 CVE-2024-47880 Cross-site Scripting vulnerability in Openrefine
OpenRefine is a free, open source tool for working with messy data.
network
high complexity
openrefine CWE-79
6.9
6.9
2024-10-24 CVE-2024-47882 Cross-site Scripting vulnerability in Openrefine
OpenRefine is a free, open source tool for working with messy data.
network
low complexity
openrefine CWE-79
6.1
6.1