Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-17 | CVE-2024-44050 | Cross-site Scripting vulnerability in Cryoutcreations Verbosa Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Verbosa allows Stored XSS.This issue affects Verbosa: from n/a through 1.2.3. | 5.4 |
| 2024-09-17 | CVE-2024-44051 | Cross-site Scripting vulnerability in Vanderwijk Content Blocks Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS.This issue affects Content Blocks (Custom Post Widget): from n/a through 3.3.5. | 5.4 |
| 2024-09-17 | CVE-2024-44064 | Cross-Site Request Forgery (CSRF) vulnerability in Likebtn Like Button Rating Cross-Site Request Forgery (CSRF) vulnerability in LikeBtn Like Button Rating allows Cross-Site Scripting (XSS).This issue affects Like Button Rating: from n/a through 2.6.54. | 6.1 |
| 2024-09-17 | CVE-2024-45451 | Cross-site Scripting vulnerability in Cryoutcreations Roseta Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Roseta allows Stored XSS.This issue affects Roseta: from n/a through 1.3.0. | 5.4 |
| 2024-09-17 | CVE-2024-45452 | Cross-site Scripting vulnerability in Cryoutcreations Septera Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Septera septera allows Stored XSS.This issue affects Septera: from n/a through 1.5.1. | 5.4 |
| 2024-09-17 | CVE-2024-45815 | Unspecified vulnerability in Backstage Backstage is an open framework for building developer portals. | 6.5 |
| 2024-09-17 | CVE-2024-45816 | Path Traversal vulnerability in Backstage Backstage is an open framework for building developer portals. | 6.5 |
| 2024-09-17 | CVE-2024-46976 | Cross-site Scripting vulnerability in Backstage Backstage is an open framework for building developer portals. | 5.4 |
| 2024-09-17 | CVE-2024-8906 | Unspecified vulnerability in Google Chrome Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. | 4.3 |
| 2024-09-17 | CVE-2024-8907 | Cross-site Scripting vulnerability in Google Chrome Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. | 6.1 |