Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-09-28 CVE-2024-9299 Cross-site Scripting vulnerability in Oretnom23 Railway Reservation System 1.0
A vulnerability classified as problematic has been found in SourceCodester Online Railway Reservation System 1.0.
network
low complexity
oretnom23 CWE-79
5.4
5.4
2024-09-28 CVE-2024-8189 Cross-site Scripting vulnerability in Ngothang WP Multitasking
The WP MultiTasking – WP Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpmt_menu_name’ parameter in all versions up to, and including, 0.1.17 due to insufficient input sanitization and output escaping.
network
low complexity
ngothang CWE-79
4.8
4.8
2024-09-28 CVE-2024-8712 Cross-site Scripting vulnerability in Stape GTM Server Side
The GTM Server Side plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.19.
network
low complexity
stape CWE-79
6.1
6.1
2024-09-28 CVE-2024-8715 Cross-site Scripting vulnerability in Objectiv Simple Ldap Login
The Simple LDAP Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0.
network
low complexity
objectiv CWE-79
6.1
6.1
2024-09-28 CVE-2024-8547 Cross-site Scripting vulnerability in Garrettgrimm Simple Popup Plugin 4.5
The Simple Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [popup] shortcode in all versions up to, and including, 4.5 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
garrettgrimm CWE-79
5.4
5.4
2024-09-28 CVE-2024-8788 Cross-site Scripting vulnerability in Wpfactory Eu/Uk VAT Manager for Woocommerce
The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.11.
network
low complexity
wpfactory CWE-79
6.1
6.1
2024-09-28 CVE-2024-9023 Cross-site Scripting vulnerability in Axton Wp-Webauthn
The WP-WebAuthn plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wwa_login_form shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
axton CWE-79
5.4
5.4
2024-09-27 CVE-2024-46453 Cross-site Scripting vulnerability in Honeywell Iq3Xcite Firmware
A cross-site scripting (XSS) vulnerability in the component /test/ of iq3xcite v2.31 to v3.05 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
network
low complexity
honeywell CWE-79
6.1
6.1
2024-09-27 CVE-2024-47186 Cross-site Scripting vulnerability in Filamentphp Filament
Filament is a collection of full-stack components for Laravel development.
network
low complexity
filamentphp CWE-79
6.1
6.1
2024-09-27 CVE-2024-9291 Cross-site Scripting vulnerability in Kvf-Admin Project Kvf-Admin 20220212
A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff.
network
low complexity
kvf-admin-project CWE-79
5.4
5.4