Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-11-06 CVE-2024-10647 Cross-site Scripting vulnerability in Westguardsolutions WS Form
The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.244.
network
low complexity
westguardsolutions CWE-79
6.1
6.1
2024-11-05 CVE-2024-50335 Cross-site Scripting vulnerability in Salesagility Suitecrm
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application.
network
low complexity
salesagility CWE-79
5.4
5.4
2024-11-05 CVE-2024-10842 Cross-site Scripting vulnerability in Romadebrian Web-Sekolah 1.0
A vulnerability, which was classified as problematic, has been found in romadebrian WEB-Sekolah 1.0.
network
low complexity
romadebrian CWE-79
4.8
4.8
2024-11-05 CVE-2024-10840 Cross-site Scripting vulnerability in Romadebrian Web-Sekolah 1.0
A vulnerability classified as problematic has been found in romadebrian WEB-Sekolah 1.0.
network
low complexity
romadebrian CWE-79
4.8
4.8
2024-11-05 CVE-2024-9657 Cross-site Scripting vulnerability in Bdthemes Element Pack
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tooltip' parameter in all versions up to, and including, 5.10.2 due to insufficient input sanitization and output escaping.
network
low complexity
bdthemes CWE-79
5.4
5.4
2024-11-05 CVE-2024-9867 Cross-site Scripting vulnerability in Bdthemes Element Pack
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Open Map Widget' marker_content parameter in all versions up to, and including, 5.10.2 due to insufficient input sanitization and output escaping.
network
low complexity
bdthemes CWE-79
5.4
5.4
2024-11-05 CVE-2024-9178 Cross-site Scripting vulnerability in Xplodedthemes XT Floating Cart for Woocommerce
The XT Floating Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping.
network
low complexity
xplodedthemes CWE-79
5.4
5.4
2024-11-05 CVE-2024-9878 Cross-site Scripting vulnerability in 10Web Photo Gallery
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to insufficient input sanitization and output escaping.
network
low complexity
10web CWE-79
4.8
4.8
2024-11-05 CVE-2024-9443 Cross-site Scripting vulnerability in Basticom Framework
The Basticom Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping.
network
low complexity
basticom CWE-79
5.4
5.4
2024-11-05 CVE-2024-9667 Cross-site Scripting vulnerability in Castos Seriously Simple Podcasting
The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.5.0.
network
low complexity
castos CWE-79
6.1
6.1