VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-12-18
CVE-2024-41752
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection.
low complexity
CWE-80
5.4
5.4
2024-12-17
CVE-2024-12127
The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 0.0.21 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-80
6.1
6.1
2024-11-20
CVE-2024-11404
Unrestricted Upload of File with Dangerous Type, Improper Input Validation, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS.This issue affects django Filer: from 3 before 3.3.
network
low complexity
CWE-80
5.5
5.5
2024-11-18
CVE-2020-26067
A vulnerability in the web-based interface of Cisco Webex Teams could allow an authenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of usernames.
network
low complexity
CWE-80
5.4
5.4
2024-11-16
CVE-2024-10592
The Mapster WP Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup class parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-80
6.4
6.4
2024-11-15
CVE-2022-20654
A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based interface of Cisco Webex Meetings.
network
low complexity
CWE-80
6.1
6.1
2024-11-13
CVE-2024-10038
The WP-Strava plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-80
6.1
6.1
2024-11-08
CVE-2024-10621
The Simple Shortcode for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pw_map shortcode in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-80
6.4
6.4
2024-11-05
CVE-2024-49377
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Octoprint
OctoPrint provides a web interface for controlling consumer 3D printers.
network
low complexity
octoprint
CWE-80
6.1
6.1
2024-10-29
CVE-2024-9438
The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'change_service' parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-80
6.1
6.1
«
1
(current)
2
»
Next