Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-11-16 CVE-2024-9850 The SVG Case Study plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-11-16 CVE-2024-9938 The Bounce Handler MailPoet 3 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.3.21 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-11-15 CVE-2024-45610 Cross-site Scripting vulnerability in Glpi-Project Glpi
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing.
network
low complexity
glpi-project CWE-79
6.1
6.1
2024-11-15 CVE-2024-45611 Cross-site Scripting vulnerability in Glpi-Project Glpi
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing.
network
low complexity
glpi-project CWE-79
5.4
5.4
2024-11-15 CVE-2024-11259 Cross-site Scripting vulnerability in Code-Projects Farmacia 1.0
A vulnerability, which was classified as problematic, has been found in code-projects Farmacia 1.0.
network
low complexity
code-projects CWE-79
6.1
6.1
2024-11-15 CVE-2024-45609 Cross-site Scripting vulnerability in Glpi-Project Glpi
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing.
network
low complexity
glpi-project CWE-79
6.1
6.1
2024-11-15 CVE-2024-43417 Cross-site Scripting vulnerability in Glpi-Project Glpi
GLPI is a free asset and IT management software package.
network
low complexity
glpi-project CWE-79
6.1
6.1
2024-11-15 CVE-2024-43418 Cross-site Scripting vulnerability in Glpi-Project Glpi
GLPI is a free asset and IT management software package.
network
low complexity
glpi-project CWE-79
6.1
6.1
2024-11-15 CVE-2024-41678 Cross-site Scripting vulnerability in Glpi-Project Glpi
GLPI is a free asset and IT management software package.
network
low complexity
glpi-project CWE-79
6.1
6.1
2024-11-15 CVE-2024-50655 Cross-site Scripting vulnerability in Emlog
emlog pro <=2.3.18 is vulnerable to Cross Site Scripting (XSS), which allows attackers to write malicious JavaScript code in published articles.
network
low complexity
emlog CWE-79
5.4
5.4