VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-12-07
CVE-2024-11451
The Zooom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zooom' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-07
CVE-2024-11904
The ???? ??? plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'msntt_add_plus_talk' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-07
CVE-2024-11943
The ????? ?? ???? – ???? ?? ???? plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.2.2.
network
low complexity
CWE-79
6.1
6.1
2024-12-07
CVE-2024-12165
The Mollie for Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 5.0.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-12-07
CVE-2024-12166
The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-12-07
CVE-2024-12167
The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_wpnonce' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-12-07
CVE-2024-12257
The CardGate Payments for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-12-06
CVE-2024-48703
Cross-site Scripting vulnerability in Anujk305 Medical Card Generation System 1.0
PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/search-medicalcard.php via the searchdata parameter.
network
low complexity
anujk305
CWE-79
4.8
4.8
2024-12-06
CVE-2024-55268
Cross-site Scripting vulnerability in PHPgurukul Covid 19 Testing Management System 1.0
A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute arbitrary code via the regmobilenumber parameter.
network
low complexity
phpgurukul
CWE-79
6.1
6.1
2024-12-06
CVE-2024-11321
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hi e-learning Learning Management System (LMS) allows Reflected XSS.This issue affects Learning Management System (LMS): before 06.12.2024.
network
low complexity
CWE-79
5.4
5.4
«
Previous
1
2
...
54
55
56
(current)
57
58
...
1825
1826
»
Next