Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-13 | CVE-2024-6493 | Cross-site Scripting vulnerability in Ninjateam Header Footer Custom Code The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
| 2024-09-13 | CVE-2024-6617 | Cross-site Scripting vulnerability in Ninjateam Header Footer Custom Code The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
| 2024-09-13 | CVE-2024-6850 | Cross-site Scripting vulnerability in Majeedraza Carousel Slider The Carousel Slider WordPress plugin before 2.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 4.8 |
| 2024-09-13 | CVE-2024-7133 | Cross-site Scripting vulnerability in Premio MY Sticky BAR The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputting them back in the page, which could allow users with a high role to perform Stored Cross-Site Scripting attacks. | 4.8 |
| 2024-09-13 | CVE-2024-8656 | Cross-site Scripting vulnerability in Wpfactory Helper The WPFactory Helper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.0. | 6.1 |
| 2024-09-12 | CVE-2024-34335 | Cross-site Scripting vulnerability in Ordat Ordat.Erp ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login page. | 6.1 |
| 2024-09-12 | CVE-2024-45303 | Cross-site Scripting vulnerability in Discourse Calendar 0.2 Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. | 6.1 |
| 2024-09-12 | CVE-2020-24061 | Cross-site Scripting vulnerability in Kasdanet Kw5515 Firmware 4.3.1.0 Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script | 4.3 |
| 2024-09-12 | CVE-2024-6700 | Cross-site Scripting vulnerability in Pega Infinity Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name. | 4.8 |
| 2024-09-12 | CVE-2024-6701 | Cross-site Scripting vulnerability in Pega Infinity Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type. | 4.8 |