Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-11-09 | CVE-2024-8960 | Cross-site Scripting vulnerability in Codeless Cowidgets Elementor Addons | The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. | 5.4 |
2024-11-09 | CVE-2024-9775 | Cross-site Scripting vulnerability in Shtheme Anih | The Anih - Creative Agency WordPress Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2024 due to an incomplete blacklist, insufficient input sanitization, and output escaping. | 4.8 |
2024-11-08 | CVE-2024-52000 | Cross-site Scripting vulnerability in Combodo Itop | Combodo iTop is a simple, web based IT Service Management tool. | 6.1 |
2024-11-08 | CVE-2024-51031 | Cross-site Scripting vulnerability in Oretnom23 CAB Management System 1.0 | A Cross-site Scripting (XSS) vulnerability in manage_account.php in Sourcecodester Cab Management System 1.0 allows remote authenticated users to inject arbitrary web scripts via the "First Name," "Middle Name," and "Last Name" fields. | 5.4 |
2024-11-08 | CVE-2024-51032 | Cross-site Scripting vulnerability in Oretnom23 Toll TAX Management System 1.0 | A Cross-site Scripting (XSS) vulnerability in manage_recipient.php of Sourcecodester Toll Tax Management System 1.0 allows remote authenticated users to inject arbitrary web scripts via the "owner" input field. | 5.4 |
2024-11-08 | CVE-2024-9841 | Cross-site Scripting vulnerability in Microfocus Arcsight Management Center and Arcsight Platform | A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. | 6.1 |
2024-11-08 | CVE-2024-10325 | Cross-site Scripting vulnerability in Brainstormforce Elementor Header & Footer Builder | The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. | 5.4 |
2024-11-08 | CVE-2024-10187 | Cross-site Scripting vulnerability in Mycred | The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_link shortcode in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-11-08 | CVE-2024-10269 | Cross-site Scripting vulnerability in Benjaminzekavica Easy SVG Support | The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. | 5.4 |
2024-11-07 | CVE-2024-49523 | Cross-site Scripting vulnerability in Adobe Experience Manager | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |