Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-11 | CVE-2024-11327 | The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.1. | 6.1 |
| 2025-01-11 | CVE-2024-12505 | The Trackserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tsmap' shortcode in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-01-10 | CVE-2025-23110 | Cross-site Scripting vulnerability in Vanderbilt Redcap 14.9.6 An issue was discovered in REDCap 14.9.6. | 6.1 |
| 2025-01-10 | CVE-2025-23111 | Cross-site Scripting vulnerability in Vanderbilt Redcap 14.9.6 An issue was discovered in REDCap 14.9.6. | 6.1 |
| 2025-01-10 | CVE-2025-23112 | Cross-site Scripting vulnerability in Vanderbilt Redcap 14.9.6 An issue was discovered in REDCap 14.9.6. | 6.1 |
| 2025-01-10 | CVE-2024-13183 | Cross-site Scripting vulnerability in Themeisle Orbit FOX The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-01-10 | CVE-2025-0311 | Cross-site Scripting vulnerability in Themeisle Orbit FOX The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-01-09 | CVE-2024-56376 | Cross-site Scripting vulnerability in Vanderbilt Redcap 14.9.6 A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. | 5.4 |
| 2025-01-09 | CVE-2024-56377 | Cross-site Scripting vulnerability in Vanderbilt Redcap 14.9.6 A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. | 5.4 |
| 2025-01-09 | CVE-2025-22815 | Cross-site Scripting vulnerability in Bplugins Button Block Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins LLC Button Block allows Stored XSS.This issue affects Button Block: from n/a through 1.1.6. | 5.4 |