VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-11-22
CVE-2024-11225
The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.9.3.
network
low complexity
CWE-79
6.1
6.1
2024-11-22
CVE-2024-11381
The Control horas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ch_registro' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-11-22
CVE-2024-8735
The MailMunch – Grow your Email List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.8.
network
low complexity
CWE-79
6.1
6.1
2024-11-21
CVE-2024-11587
Cross-site Scripting vulnerability in Idccms 1.60
A vulnerability was found in idcCMS 1.60.
network
low complexity
idccms
CWE-79
6.1
6.1
2024-11-21
CVE-2024-10164
The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdmpp_pay_link shortcode in all versions up to, and including, 5.9.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-11-21
CVE-2024-10172
The WPBakery Visual Composer WHMCS Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's void_wbwhmcse_laouts_search shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-11-21
CVE-2024-10177
The Beds24 Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's beds24-link shortcode in all versions up to, and including, 2.0.26 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-11-21
CVE-2024-10522
The Co-marquage service-public.fr plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.5.76.
network
low complexity
CWE-79
6.1
6.1
2024-11-21
CVE-2024-10623
The ForumEngine theme for WordPress is vulnerable to Reflected Cross-Site Scripting via a URL in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-11-21
CVE-2024-10675
The affiliate-toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via a URL in all versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
«
Previous
1
2
...
67
68
69
(current)
70
71
...
1825
1826
»
Next