Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-11-20 CVE-2024-11489 Cross-site Scripting vulnerability in 115Cms 4.2
A vulnerability was found in 115cms up to 20240807.
network
low complexity
115cms CWE-79
6.1
6.1
2024-11-20 CVE-2024-11490 Cross-site Scripting vulnerability in 115Cms 4.2
A vulnerability was found in 115cms up to 20240807.
network
low complexity
115cms CWE-79
6.1
6.1
2024-11-20 CVE-2024-11406 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django CMS Attributes Fields allows Stored XSS.This issue affects django CMS Attributes Fields: before 4.0.
network
low complexity
CWE-79
6.9
6.9
2024-11-20 CVE-2024-10872 Cross-site Scripting vulnerability in Motopress Getwid
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template-post-custom-field` block in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping.
network
low complexity
motopress CWE-79
5.4
5.4
2024-11-20 CVE-2024-11277 Cross-site Scripting vulnerability in Ajexperience 404 Solution
The 404 Solution plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 2.35.19 due to insufficient input sanitization and output escaping.
network
low complexity
ajexperience CWE-79
6.1
6.1
2024-11-20 CVE-2024-8726 Cross-site Scripting vulnerability in Mailmunch Mailchimp Forms
The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.3.
network
low complexity
mailmunch CWE-79
6.1
6.1
2024-11-20 CVE-2024-9239 The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.2.3.
network
low complexity
CWE-79
6.1
6.1
2024-11-20 CVE-2024-9653 Cross-site Scripting vulnerability in Oracle Restaurant Menu - Food Ordering System - Table Reservation
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping.
network
low complexity
oracle CWE-79
6.1
6.1
2024-11-20 CVE-2024-44309 Cross-site Scripting vulnerability in Apple products
A cookie management issue was addressed with improved state management.
network
low complexity
apple CWE-79
6.1
6.1
2024-11-19 CVE-2023-27609 Cross-site Scripting vulnerability in Hyscaler WP Roles AT Registration
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NetTantra WP Roles at Registration allows Stored XSS.This issue affects WP Roles at Registration: from n/a through 0.23.
network
low complexity
hyscaler CWE-79
4.8
4.8