Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-09-12 CVE-2024-6887 Cross-site Scripting vulnerability in Seedprod Rafflepress
The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
network
low complexity
seedprod CWE-79
4.8
4.8
2024-09-12 CVE-2024-7816 Cross-site Scripting vulnerability in Adeelraza Gixaw Chat
The Gixaw Chat WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
network
low complexity
adeelraza CWE-79
6.1
6.1
2024-09-12 CVE-2024-7818 Cross-site Scripting vulnerability in Michalaugustyniak Misiek Photo Album
The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
network
low complexity
michalaugustyniak CWE-79
6.1
6.1
2024-09-12 CVE-2024-7822 Cross-site Scripting vulnerability in Gwycon Quick Code
The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
network
low complexity
gwycon CWE-79
6.1
6.1
2024-09-12 CVE-2024-7860 Cross-site Scripting vulnerability in Outtolunchproductions Simple Headline Rotator
The Simple Headline Rotator WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
network
low complexity
outtolunchproductions CWE-79
6.1
6.1
2024-09-12 CVE-2024-7861 Cross-site Scripting vulnerability in Michalaugustyniak Misiek Paypal
The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
network
low complexity
michalaugustyniak CWE-79
6.1
6.1
2024-09-12 CVE-2024-8054 Cross-site Scripting vulnerability in Mm-Breaking News Project Mm-Breaking News
The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
network
low complexity
mm-breaking-news-project CWE-79
6.1
6.1
2024-09-12 CVE-2024-8056 Cross-site Scripting vulnerability in Mm-Breaking News Project Mm-Breaking News
The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
network
low complexity
mm-breaking-news-project CWE-79
6.1
6.1
2024-09-12 CVE-2024-8708 Cross-site Scripting vulnerability in Mayurik Best House Rental Management System 1.0
A vulnerability was found in SourceCodester Best House Rental Management System 1.0.
network
low complexity
mayurik CWE-79
6.1
6.1
2024-09-11 CVE-2024-44851 Cross-site Scripting vulnerability in Perfexcrm Perfex CRM 1.1.0
A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter.
network
low complexity
perfexcrm CWE-79
5.4
5.4