VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-12-04
CVE-2024-12180
Cross-site Scripting vulnerability in Dedecms
A vulnerability classified as problematic has been found in DedeCMS 5.7.116.
network
low complexity
dedecms
CWE-79
5.4
5.4
2024-12-04
CVE-2024-12181
Cross-site Scripting vulnerability in Dedecms
A vulnerability classified as problematic was found in DedeCMS 5.7.116.
network
low complexity
dedecms
CWE-79
5.4
5.4
2024-12-04
CVE-2024-11935
The Email Address Obfuscation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-12-04
CVE-2024-11854
The Listdom – Business Directory and Classified Ads Listings WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-12-04
CVE-2024-8962
The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-12-04
CVE-2024-11814
The Additional Custom Order Status for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the wfwp_wcos_delete_finished, wfwp_wcos_delete_fallback_finished, wfwp_wcos_delete_fallback_orders_updated, and wfwp_wcos_delete_fallback_status parameters in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-12-04
CVE-2024-11880
The B Testimonial – testimonial plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'b_testimonial' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-04
CVE-2024-5020
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-04
CVE-2023-6978
The WP Job Manager – Company Profiles plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'company' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-12-04
CVE-2024-11466
The Intro Tour Tutorial DeepPresentation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 6.5.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
«
Previous
1
2
...
58
59
60
(current)
61
62
...
1825
1826
»
Next