Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-09-26 | CVE-2024-8872 | Cross-site Scripting vulnerability in Bizswoop Store Hours for Woocommerce | The Store Hours for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.3.20. | 6.1 |
2024-09-26 | CVE-2024-8861 | Cross-site Scripting vulnerability in Metagauss Profilegrid | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.9.3.2 due to incorrect use of the wp_kses_allowed_html function, which allows the 'onclick' attribute for certain HTML elements without sufficient restriction or context validation. | 5.4 |
2024-09-26 | CVE-2024-6517 | Cross-site Scripting vulnerability in Dotsquares Contact Form 7 Math Captcha | The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users. | 6.1 |
2024-09-26 | CVE-2024-45836 | Cross-site Scripting vulnerability in Planex products | Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. | 6.1 |
2024-09-26 | CVE-2024-8723 | Cross-site Scripting vulnerability in Wangbin 012 PS Multi Languages | The 012 Ps Multi Languages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via translated titles in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. | 5.4 |
2024-09-26 | CVE-2024-8803 | Cross-site Scripting vulnerability in Madfishdigital Bulk Noindex & Nofollow Toolkit | The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.15. | 6.1 |
2024-09-25 | CVE-2023-51157 | Cross-site Scripting vulnerability in Zkteco Wdms 5.1.3 | Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter. | 5.4 |
2024-09-25 | CVE-2024-46655 | Cross-site Scripting vulnerability in Ellevo 6.2.0.38160 | A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL. | 6.1 |
2024-09-25 | CVE-2024-20475 | Cross-site Scripting vulnerability in Cisco Catalyst Sd-Wan Manager | A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. | 5.4 |
2024-09-25 | CVE-2024-45613 | Cross-site Scripting vulnerability in Ckeditor Ckeditor5 | CKEditor 5 is a JavaScript rich-text editor. | 6.1 |