Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-13 | CVE-2024-31414 | Cross-site Scripting vulnerability in Eaton Foreseer Electrical Power Monitoring System The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. | 6.1 |
| 2024-09-13 | CVE-2024-44798 | Cross-site Scripting vulnerability in Anujk305 BUS Pass Management System 1.0 phpgurukul Bus Pass Management System 1.0 is vulnerable to Cross-site scripting (XSS) in /admin/pass-bwdates-reports-details.php via fromdate and todate parameters. | 4.8 |
| 2024-09-13 | CVE-2024-5789 | Cross-site Scripting vulnerability in Towfiqi Triton Lite The Triton Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the theme's Button shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-13 | CVE-2024-5867 | Cross-site Scripting vulnerability in Nattywp Delicate The Delicate theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter within the theme's Button shortcode in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-13 | CVE-2024-5869 | Cross-site Scripting vulnerability in Arnoldgoodway Neighborly The Neighborly theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-13 | CVE-2024-5870 | Cross-site Scripting vulnerability in Arnoldgoodway Tweaker5 The Tweaker5 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-13 | CVE-2024-5884 | Cross-site Scripting vulnerability in Allprices Beauty The Beauty theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tpl_featured_cat_id’ parameter in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-13 | CVE-2024-8714 | Cross-site Scripting vulnerability in Slicewp Affiliate Program Suite The WordPress Affiliates Plugin — SliceWP Affiliates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.20. | 6.1 |
| 2024-09-13 | CVE-2024-8730 | Cross-site Scripting vulnerability in Cvstech Exit Notifier The Exit Notifier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.1. | 6.1 |
| 2024-09-13 | CVE-2024-8731 | Cross-site Scripting vulnerability in Leira Cron Jobs The Cron Jobs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. | 6.1 |