VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-02-20
CVE-2024-49337
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications.
network
low complexity
CWE-80
5.4
5.4
2025-02-18
CVE-2024-13704
The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'st_user_title' parameter in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-80
7.2
7.2
2025-02-05
CVE-2024-38318
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection.
network
low complexity
CWE-80
4.8
4.8
2025-01-25
CVE-2024-35112
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
CWE-80
5.4
5.4
2025-01-06
CVE-2024-51472
IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection.
network
high complexity
CWE-80
3.1
3.1
2024-12-17
CVE-2024-12127
The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 0.0.21 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-80
6.1
6.1
2024-11-20
CVE-2024-11404
Unrestricted Upload of File with Dangerous Type, Improper Input Validation, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS.This issue affects django Filer: from 3 before 3.3.
network
low complexity
CWE-80
5.5
5.5
2024-11-18
CVE-2020-26067
A vulnerability in the web-based interface of Cisco Webex Teams could allow an authenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of usernames.
network
low complexity
CWE-80
5.4
5.4
2024-11-16
CVE-2024-10592
The Mapster WP Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup class parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-80
6.4
6.4
2024-11-15
CVE-2022-20654
A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based interface of Cisco Webex Meetings.
network
low complexity
CWE-80
6.1
6.1
«
1
(current)
2
»
Next