Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-10-23 CVE-2024-10286 Cross-site Scripting vulnerability in Ujangrohidin Localserver 1.0.9
Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through the "to" parameter of /testmail/index.php.
network
low complexity
ujangrohidin CWE-79
6.1
2024-10-23 CVE-2024-10287 Cross-site Scripting vulnerability in Ujangrohidin Localserver 1.0.9
Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through the ListName parameter of /mlss/ForgotPassword.
network
low complexity
ujangrohidin CWE-79
6.1
2024-10-23 CVE-2024-10288 Cross-site Scripting vulnerability in Ujangrohidin Localserver 1.0.9
Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through the ListName parameter of /mlss/SubscribeToList.
network
low complexity
ujangrohidin CWE-79
6.1
2024-10-23 CVE-2024-10289 Cross-site Scripting vulnerability in Ujangrohidin Localserver 1.0.9
Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through the MSubListName parameter of /mlss/ManageSubscription.
network
low complexity
ujangrohidin CWE-79
6.1
2024-10-23 CVE-2024-8500 Cross-site Scripting vulnerability in Getshortcodes Shortcodes Ultimate
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 7.2.2 due to insufficient input sanitization and output escaping.
network
low complexity
getshortcodes CWE-79
5.4
2024-10-22 CVE-2024-48415 Cross-site Scripting vulnerability in Loan Management System Project Loan Management System 1.0
itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters in the new borrowers functionality on the Borrowers page.
local
low complexity
loan-management-system-project CWE-79
5.0
2024-10-22 CVE-2024-48652 Cross-site Scripting vulnerability in Tuzitio Camaleon CMS 2.7.5
Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows a remote attacker to execute arbitrary code via the content group name field.
network
low complexity
tuzitio CWE-79
4.8
2024-10-22 CVE-2024-48656 Cross-site Scripting vulnerability in Angeljudesuarez Student Management System 1.0
Cross Site Scripting vulnerability in Student Management System in PHP with Source Code v.1.0.0 allows a remote attacker to execute arbitrary code.
network
low complexity
angeljudesuarez CWE-79
4.8
2024-10-22 CVE-2024-46538 Cross-site Scripting vulnerability in Netgate Pfsense 2.5.2
A cross-site scripting (XSS) vulnerability in pfSense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php.
network
low complexity
netgate CWE-79
4.8
2024-10-22 CVE-2024-48706 Cross-site Scripting vulnerability in O-Dyn Collabtive 3.1
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively.
network
low complexity
o-dyn CWE-79
5.4