VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-10-17
CVE-2024-10099
Cross-site Scripting vulnerability in Comfy Comfyui 0.2.2
A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier.
network
low complexity
comfy
CWE-79
6.1
6.1
2024-10-17
CVE-2024-49392
Cross-site Scripting vulnerability in Acronis Cyber Files
Stored cross-site scripting (XSS) vulnerability on enrollment invitation page.
network
low complexity
acronis
CWE-79
4.8
4.8
2024-10-17
CVE-2024-8920
The Fonto – Custom Web Fonts Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-10-17
CVE-2024-9184
The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp_kses_allowed_html function.
network
low complexity
CWE-79
7.2
7.2
2024-10-17
CVE-2024-9951
The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wppa-tab' parameter in all versions up to, and including, 8.8.05.003 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-10-17
CVE-2024-9213
The ?????? ????? ??????? Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.0.2.
network
low complexity
CWE-79
6.1
6.1
2024-10-17
CVE-2024-8719
The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters like 'MaxBeds' and 'MinBeds' in all versions up to, and including, 3.14.22 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-10-17
CVE-2024-9347
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpext-export' parameter in all versions up to, and including, 3.0.9 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-10-16
CVE-2024-10033
Cross-site Scripting vulnerability in Redhat products
A vulnerability was found in aap-gateway.
network
low complexity
redhat
CWE-79
6.1
6.1
2024-10-16
CVE-2024-45071
Cross-site Scripting vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting.
network
low complexity
ibm
CWE-79
4.8
4.8
«
Previous
1
2
...
51
52
53
(current)
54
55
...
2118
2119
»
Next