VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-03-27
CVE-2025-1997
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.
network
low complexity
CWE-80
5.4
5.4
2025-03-15
CVE-2024-13497
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Tripetto
The WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via attachment uploads in all versions up to, and including, 8.0.9 due to insufficient input sanitization and output escaping.
network
low complexity
tripetto
CWE-80
6.1
6.1
2025-03-02
CVE-2025-1807
A vulnerability, which was classified as problematic, was found in Eastnets PaymentSafe 2.5.26.0.
network
low complexity
CWE-80
3.5
3.5
2025-02-20
CVE-2024-49337
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in IBM Openpages With Watson 9.0
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications.
network
low complexity
ibm
CWE-80
5.4
5.4
2025-01-25
CVE-2024-35112
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in IBM Control Center 6.2.1.0/6.3.1.0
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm
CWE-80
4.3
4.3
2025-01-06
CVE-2024-51472
IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection.
network
high complexity
CWE-80
3.1
3.1
2024-12-17
CVE-2024-12127
The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 0.0.21 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-80
6.1
6.1
2024-11-20
CVE-2024-11404
Unrestricted Upload of File with Dangerous Type, Improper Input Validation, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS.This issue affects django Filer: from 3 before 3.3.
network
low complexity
CWE-80
5.5
5.5
2024-11-18
CVE-2020-26067
A vulnerability in the web-based interface of Cisco Webex Teams could allow an authenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of usernames.
network
low complexity
CWE-80
5.4
5.4
2024-11-16
CVE-2024-10592
The Mapster WP Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup class parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-80
6.4
6.4
«
1
(current)
2
»
Next