Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-30 | CVE-2024-47067 | Cross-site Scripting vulnerability in Alist Project Alist AList is a file list program that supports multiple storages. | 6.1 |
| 2024-09-30 | CVE-2024-47063 | Cross-site Scripting vulnerability in Cvat Computer Vision Annotation Tool Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. | 6.1 |
| 2024-09-30 | CVE-2024-8457 | Cross-site Scripting vulnerability in Planet Gs-4210-24P2S Firmware and Gs-4210-24Pl4C Firmware Certain switch models from PLANET Technology have a web application that does not properly validate specific parameters, allowing remote authenticated users with administrator privileges to inject arbitrary JavaScript, leading to Stored XSS attack. | 4.8 |
| 2024-09-30 | CVE-2024-3635 | Cross-site Scripting vulnerability in Radiustheme the Post Grid The Post Grid WordPress plugin before 7.5.0 does not sanitise and escape some of its Grid settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
| 2024-09-30 | CVE-2024-8239 | Cross-site Scripting vulnerability in Squirrly Starbox The Starbox WordPress plugin before 3.5.3 does not properly render social media profiles URLs in certain contexts, like the malicious user's profile or pages where the starbox shortcode is used, which may be abused by users with at least the contributor role to conduct Stored XSS attacks. | 5.4 |
| 2024-09-30 | CVE-2024-8283 | Cross-site Scripting vulnerability in 10Web Slider The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
| 2024-09-30 | CVE-2024-8536 | Cross-site Scripting vulnerability in Dotcamp Ultimate Blocks The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 |
| 2024-09-29 | CVE-2024-9323 | Cross-site Scripting vulnerability in Mayurik Free and Open Source Inventory Management System 1.0 A vulnerability was found in SourceCodester Inventory Management System 1.0. | 5.4 |
| 2024-09-29 | CVE-2024-9320 | Cross-site Scripting vulnerability in Rems Online Timesheet APP 1.0 A vulnerability has been found in SourceCodester Online Timesheet App 1.0 and classified as problematic. | 5.4 |
| 2024-09-28 | CVE-2024-9300 | Cross-site Scripting vulnerability in Oretnom23 Railway Reservation System 1.0 A vulnerability classified as problematic was found in SourceCodester Online Railway Reservation System 1.0. | 6.1 |