Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-06 | CVE-2024-21897 | Cross-site Scripting vulnerability in Qnap QTS and Quts Hero A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. | 5.4 |
| 2024-09-06 | CVE-2024-27122 | Cross-site Scripting vulnerability in Qnap Notes Station 3 A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. | 5.4 |
| 2024-09-06 | CVE-2024-27125 | Cross-site Scripting vulnerability in Qnap Helpdesk A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. | 4.8 |
| 2024-09-06 | CVE-2024-27126 | Cross-site Scripting vulnerability in Qnap Notes Station 3 A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. | 5.4 |
| 2024-09-06 | CVE-2024-32762 | Cross-site Scripting vulnerability in Qnap Qulog Center A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. | 6.1 |
| 2024-09-06 | CVE-2024-38640 | Cross-site Scripting vulnerability in Qnap Download Station A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. | 5.4 |
| 2024-09-06 | CVE-2024-44837 | Cross-site Scripting vulnerability in Deathbreak Drug 1.0 A cross-site scripting (XSS) vulnerability in the component \bean\Manager.java of Drug v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user parameter. | 5.4 |
| 2024-09-06 | CVE-2024-7599 | Cross-site Scripting vulnerability in Wpcodeus Advanced Sermons The Advanced Sermons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sermon_video_embed’ parameter in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-06 | CVE-2024-7611 | Cross-site Scripting vulnerability in Themelooks Enter Addons The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute of the Events Card widget in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-09-06 | CVE-2024-8317 | Cross-site Scripting vulnerability in Wpeka WP Adcenter The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ad_alignment’ attribute in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. | 5.4 |