Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-15 | CVE-2024-11243 | Cross-site Scripting vulnerability in Code-Projects Online Shop Store 1.0 A vulnerability classified as problematic has been found in code-projects Online Shop Store 1.0. | 6.1 |
| 2024-11-15 | CVE-2024-41785 | IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. | 6.1 |
| 2024-11-15 | CVE-2024-11240 | Cross-site Scripting vulnerability in Ibphoenix Ibwebadmin A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. | 6.1 |
| 2024-11-15 | CVE-2021-3741 | Cross-site Scripting vulnerability in Chatwoot A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. | 5.4 |
| 2024-11-15 | CVE-2021-3841 | Cross-site Scripting vulnerability in Sylius sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. | 5.4 |
| 2024-11-15 | CVE-2024-11182 | Cross-site Scripting vulnerability in Mdaemon 5.0/5.0.6 An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. | 6.1 |
| 2024-11-15 | CVE-2024-1097 | Cross-site Scripting vulnerability in K5N Webcalendar 1.3.0 A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. | 5.4 |
| 2024-11-15 | CVE-2024-10825 | Cross-site Scripting vulnerability in Wpplugins Hide MY WP Ghost The Hide My WP Ghost – Security & Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL in all versions up to, and including, 5.3.01 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-11-15 | CVE-2024-8961 | Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nomore_items_text’ parameter in all versions up to, and including, 6.0.7 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-11-15 | CVE-2024-10113 | Cross-site Scripting vulnerability in Wpeka WP Adcenter The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpadcenter_ad shortcode in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |