Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-12-03 CVE-2024-10484 The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-03 CVE-2024-9694 The CMSMasters Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.14.7 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-11-30 CVE-2024-12001 Cross-site Scripting vulnerability in Anisha Wazifa System 1.0
A vulnerability classified as problematic has been found in code-projects Wazifa System 1.0.
network
low complexity
anisha CWE-79
5.4
5.4
2024-11-30 CVE-2024-12000 Cross-site Scripting vulnerability in Code-Projects Blood Bank System 1.0
A vulnerability was found in code-projects Blood Bank System 1.0.
network
low complexity
code-projects CWE-79
5.4
5.4
2024-11-30 CVE-2024-11996 Cross-site Scripting vulnerability in Anisha Farmacia 1.0
A vulnerability was found in code-projects Farmacia 1.0 and classified as problematic.
network
low complexity
anisha CWE-79
5.4
5.4
2024-11-30 CVE-2024-11997 Cross-site Scripting vulnerability in Anisha Farmacia 1.0
A vulnerability was found in code-projects Farmacia 1.0.
network
low complexity
anisha CWE-79
5.4
5.4
2024-11-30 CVE-2024-11252 The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.69 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-11-29 CVE-2024-11995 Cross-site Scripting vulnerability in Anisha Farmacia 1.0
A vulnerability has been found in code-projects Farmacia 1.0 and classified as problematic.
network
low complexity
anisha CWE-79
6.1
6.1
2024-11-28 CVE-2024-11203 The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘provider_name parameter in all versions up to, and including, 4.1.3 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-11-28 CVE-2024-11333 The HLS Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hls_player' shortcode in all versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4