Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-10	CVE-2024-43796	Cross-site Scripting vulnerability in Openjsf Express Express.js minimalist web framework for node. network high complexity openjsf CWE-79	4.7
2024-09-10	CVE-2024-43799	Cross-site Scripting vulnerability in Send Project Send Send is a library for streaming files from the file system as a http response. network high complexity send-project CWE-79	4.7
2024-09-10	CVE-2024-43800	Cross-site Scripting vulnerability in Openjsf Serve-Static serve-static serves static files. network high complexity openjsf CWE-79	4.7
2024-09-10	CVE-2024-6282	Cross-site Scripting vulnerability in Master-Addons Master Addons The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-jltma-wrapper-link element in all versions up to, and including 2.0.6.4 due to insufficient input sanitization and output escaping on user-supplied attributes. network low complexity master-addons CWE-79	5.4
2024-09-10	CVE-2024-8241	Cross-site Scripting vulnerability in Pixelgrade Nova Blocks The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute of the 'wp:separator' Gutenberg block in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity pixelgrade CWE-79	5.4
2024-09-10	CVE-2024-8543	Cross-site Scripting vulnerability in Artembovkun Slider Comparison Image Before and After The Slider comparison image before and after plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [sciba] shortcode in all versions up to, and including, 0.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity artembovkun CWE-79	5.4
2024-09-10	CVE-2024-7618	Cross-site Scripting vulnerability in Peepso The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping. network low complexity peepso CWE-79	4.8
2024-09-10	CVE-2024-7655	Cross-site Scripting vulnerability in Peepso The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping. network low complexity peepso CWE-79	4.8
2024-09-09	CVE-2024-8610	Cross-site Scripting vulnerability in Mayurik Best House Rental Management System 1.0 A vulnerability classified as problematic has been found in SourceCodester Best House Rental Management System 1.0. network low complexity mayurik CWE-79	5.4
2024-09-09	CVE-2023-50883	Cross-site Scripting vulnerability in Onlyoffice Document Server ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. network low complexity onlyoffice CWE-79	6.1