Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-10-22 CVE-2024-9231 Cross-site Scripting vulnerability in Butlerblog Wp-Members
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.9.5.
network
low complexity
butlerblog CWE-79
6.1
2024-10-22 CVE-2024-9589 Cross-site Scripting vulnerability in Aftabhusain Category and Taxonomy Meta Fields
The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'new_meta_name' parameter in the 'wpaft_option_page' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
aftabhusain CWE-79
4.8
2024-10-22 CVE-2024-9590 Cross-site Scripting vulnerability in Aftabhusain Category and Taxonomy Meta Fields
The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image meta field value in the 'wpaft_add_meta_textinput' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
aftabhusain CWE-79
4.8
2024-10-22 CVE-2024-9591 Cross-site Scripting vulnerability in Aftabhusain Category and Taxonomy Image
The Category and Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_category_image' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
aftabhusain CWE-79
4.8
2024-10-21 CVE-2024-30159 Cross-site Scripting vulnerability in Mitel Micollab
A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input.
network
low complexity
mitel CWE-79
4.8
2024-10-21 CVE-2024-30160 Cross-site Scripting vulnerability in Mitel Micollab
A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input.
network
low complexity
mitel CWE-79
4.8
2024-10-21 CVE-2024-40746 Cross-site Scripting vulnerability in Hikashop
A stored cross-site scripting (XSS) vulnerability in HikaShop Joomla Component < 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the `description` parameter of any product.
network
low complexity
hikashop CWE-79
5.4
2024-10-21 CVE-2024-10198 Cross-site Scripting vulnerability in Code-Projects Pharmacy Management 1.0
A vulnerability was found in code-projects Pharmacy Management System 1.0.
network
low complexity
code-projects CWE-79
4.8
2024-10-21 CVE-2024-10199 Cross-site Scripting vulnerability in Code-Projects Pharmacy Management 1.0
A vulnerability was found in code-projects Pharmacy Management System 1.0.
network
low complexity
code-projects CWE-79
4.8
2024-10-21 CVE-2024-10197 Cross-site Scripting vulnerability in Code-Projects Pharmacy Management System 1.0
A vulnerability was found in code-projects Pharmacy Management System 1.0.
network
low complexity
code-projects CWE-79
4.8