Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-09-17 CVE-2024-38380 Cross-site Scripting vulnerability in Millbeckcommunications Proroute H685T-W Firmware 3.2.334
This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session.
network
low complexity
millbeckcommunications CWE-79
5.4
2024-09-17 CVE-2021-27915 Cross-site Scripting vulnerability in Acquia Mautic
Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged-in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system.
network
low complexity
acquia CWE-79
critical
9.0
2024-09-17 CVE-2024-5170 Cross-site Scripting vulnerability in Wp-Master Logo Manager for Enamad
The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape its widget settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
network
low complexity
wp-master CWE-79
4.8
2024-09-17 CVE-2024-40857 Cross-site Scripting vulnerability in Apple products
This issue was addressed through improved state management.
network
low complexity
apple CWE-79
6.1
2024-09-16 CVE-2024-32034 Cross-site Scripting vulnerability in Decidim
Decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations.
network
low complexity
decidim CWE-79
4.8
2024-09-16 CVE-2024-39910 Cross-site Scripting vulnerability in Decidim
Decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations.
network
low complexity
decidim CWE-79
4.8
2024-09-16 CVE-2024-46970 Cross-site Scripting vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2024.1, HTML injection via the project name was possible.
network
low complexity
jetbrains CWE-79
6.1
2024-09-16 CVE-2024-8776 Cross-site Scripting vulnerability in Intumit Smartrobot Firmware 6.0.0202012Tw
SmartRobot from INTUMIT does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject JavaScript code into the parameter for Reflected Cross-site Scripting attacks.
network
low complexity
intumit CWE-79
6.1
2024-09-15 CVE-2024-44053 Cross-site Scripting vulnerability in Mohammadarif Opor Ayam
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mohammad Arif Opor Ayam allows Reflected XSS. This issue affects Opor Ayam: from n/a through 1.8.
network
low complexity
mohammadarif CWE-79
6.1
2024-09-15 CVE-2024-44054 Cross-site Scripting vulnerability in Cryoutcreations Fluida
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Fluida allows Stored XSS. This issue affects Fluida: from n/a through 1.8.8.
network
low complexity
cryoutcreations CWE-79
5.4