Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-02 | CVE-2024-43795 | Cross-site Scripting vulnerability in Openc3 Cosmos OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. | 6.1 |
| 2024-10-02 | CVE-2024-9440 | Cross-site Scripting vulnerability in Slimselectjs Slim Select Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. | 6.1 |
| 2024-10-02 | CVE-2024-33209 | Cross-site Scripting vulnerability in Flatpress 1.3 FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). | 5.4 |
| 2024-10-02 | CVE-2024-8282 | Cross-site Scripting vulnerability in Vowelweb Ibtana The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:ive/ive-productscarousel' Gutenberg block in all versions up to, and including, 1.2.4.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-10-02 | CVE-2024-8505 | Cross-site Scripting vulnerability in Connekthq Ajax Load More The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_label’ parameter in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-10-02 | CVE-2024-9218 | Cross-site Scripting vulnerability in Themegrill Magazine Blocks The Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.14. | 6.1 |
| 2024-10-02 | CVE-2024-9344 | Cross-site Scripting vulnerability in Berqier Berqwp The BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-10-02 | CVE-2024-9378 | Cross-site Scripting vulnerability in Icopydoc YML for Yandex Market The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.7.2 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-10-02 | CVE-2024-8800 | Cross-site Scripting vulnerability in Yoginetwork Rabbitloader The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.21.0. | 6.1 |
| 2024-10-02 | CVE-2024-8967 | Cross-site Scripting vulnerability in Iworks PWA The PWA — easy way to Progressive Web App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. | 5.4 |