Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-02 | CVE-2024-10701 | Cross-site Scripting vulnerability in PHPgurukul CAR Rental Portal 1.0 A vulnerability was found in PHPGurukul Car Rental Portal 1.0. | 6.1 |
| 2024-11-02 | CVE-2024-9896 | Cross-site Scripting vulnerability in Spider-Themes BBP Core The BBP Core – Expand bbPress powered forums with useful features plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. | 6.1 |
| 2024-11-02 | CVE-2024-10310 | Cross-site Scripting vulnerability in Bdthemes Element Pack The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Gallery Widget 'image_title' parameter in all versions up to, and including, 5.10.1 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-11-02 | CVE-2024-8739 | Cross-site Scripting vulnerability in Wedevs Recaptcha Integration The ReCaptcha Integration for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. | 6.1 |
| 2024-11-02 | CVE-2024-9868 | Cross-site Scripting vulnerability in Bdthemes Element Pack The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate Widget 'url' parameter in all versions up to, and including, 5.10.1 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-11-01 | CVE-2024-41745 | Cross-site Scripting vulnerability in IBM Cics TX 11.1.0.0 IBM CICS TX Standard is vulnerable to cross-site scripting. | 6.1 |
| 2024-11-01 | CVE-2024-51377 | Cross-site Scripting vulnerability in Ladybirdweb Faveo Helpdesk 9.2.0 An issue in Ladybird Web Solution Faveo Helpdesk & Servicedesk (On-Premise and Cloud) 9.2.0 allows a remote attacker to execute arbitrary code via the Subject and Identifier fields | 5.4 |
| 2024-11-01 | CVE-2024-10367 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-11-01 | CVE-2024-10232 | The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atomchat shortcode in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2024-11-01 | CVE-2024-10652 | IDExpert from CHANGING Information Technology does not properly validate a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavsScript code and perform Reflected Cross-site scripting attacks. | 6.1 |