Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-11-20 CVE-2024-11488 A vulnerability was found in 115cms up to 20240807 and classified as problematic.
network
low complexity
CWE-79
6.1
6.1
2024-11-20 CVE-2024-11489 A vulnerability was found in 115cms up to 20240807.
network
low complexity
CWE-79
6.1
6.1
2024-11-20 CVE-2024-11490 A vulnerability was found in 115cms up to 20240807.
network
low complexity
CWE-79
6.1
6.1
2024-11-20 CVE-2024-11406 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django CMS Attributes Fields allows Stored XSS.This issue affects django CMS Attributes Fields: before 4.0.
network
low complexity
CWE-79
6.9
6.9
2024-11-20 CVE-2024-10872 Cross-site Scripting vulnerability in Motopress Getwid
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template-post-custom-field` block in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping.
network
low complexity
motopress CWE-79
5.4
5.4
2024-11-20 CVE-2024-11277 The 404 Solution plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 2.35.19 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-11-20 CVE-2024-8726 The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.3.
network
low complexity
CWE-79
6.1
6.1
2024-11-20 CVE-2024-9239 The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.2.3.
network
low complexity
CWE-79
6.1
6.1
2024-11-20 CVE-2024-9653 The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-11-19 CVE-2024-11400 The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the really_curr_tax parameter in all versions up to, and including, 1.3.6.3 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1