Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-22 | CVE-2024-9231 | Cross-site Scripting vulnerability in Butlerblog Wp-Members The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.9.5. | 6.1 |
2024-10-22 | CVE-2024-9589 | Cross-site Scripting vulnerability in Aftabhusain Category and Taxonomy Meta Fields The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'new_meta_name' parameter in the 'wpaft_option_page' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 4.8 |
2024-10-22 | CVE-2024-9590 | Cross-site Scripting vulnerability in Aftabhusain Category and Taxonomy Meta Fields The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image meta field value in the 'wpaft_add_meta_textinput' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 4.8 |
2024-10-22 | CVE-2024-9591 | Cross-site Scripting vulnerability in Aftabhusain Category and Taxonomy Image The Category and Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_category_image' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 4.8 |
2024-10-21 | CVE-2024-30159 | Cross-site Scripting vulnerability in Mitel Micollab A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. | 4.8 |
2024-10-21 | CVE-2024-30160 | Cross-site Scripting vulnerability in Mitel Micollab A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. | 4.8 |
2024-10-21 | CVE-2024-40746 | Cross-site Scripting vulnerability in Hikashop A stored cross-site scripting (XSS) vulnerability in HikaShop Joomla Component < 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the `description` parameter of any product. | 5.4 |
2024-10-21 | CVE-2024-10198 | Cross-site Scripting vulnerability in Code-Projects Pharmacy Management 1.0 A vulnerability was found in code-projects Pharmacy Management System 1.0. | 4.8 |
2024-10-21 | CVE-2024-10199 | Cross-site Scripting vulnerability in Code-Projects Pharmacy Management 1.0 A vulnerability was found in code-projects Pharmacy Management System 1.0. | 4.8 |
2024-10-21 | CVE-2024-10197 | Cross-site Scripting vulnerability in Code-Projects Pharmacy Management System 1.0 A vulnerability was found in code-projects Pharmacy Management System 1.0. | 4.8 |