Vulnerabilities (CVE)

Filtered by CWE-79
Total 28117 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-35708 1 Apollo13themes 1 Rife Free 2024-07-12 N/A 5.4 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in apollo13themes Rife Free allows Stored XSS. This issue affects Rife Free: from n/a through 2.4.19.
CVE-2024-27183 1 Dj-extensions 1 Dj-helpfularticles 2024-07-12 N/A 6.1 MEDIUM
XSS vulnerability in DJ-HelpfulArticles component for Joomla.
CVE-2024-4655 1 Dotcamp 1 Ultimate Blocks 2024-07-12 N/A 5.4 MEDIUM
The Ultimate Blocks WordPress plugin before 3.1.9 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2024-6025 1 Expresstech 1 Quiz And Survey Master 2024-07-12 N/A 5.4 MEDIUM
The Quiz and Survey Master (QSM) WordPress plugin before 9.0.5 does not sanitise and escape some of its Quiz settings, which could allow contributors and higher to perform Stored Cross-Site Scripting attacks
CVE-2024-6026 1 10web 1 Slider 2024-07-12 N/A 5.4 MEDIUM
The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders (by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56's options) and the ability to add images (Editor+) to perform Stored Cross-Site Scripting attacks
CVE-2024-6138 1 Ays-pro 1 Secure Copy Content Protection And Content Locking 2024-07-12 N/A 4.8 MEDIUM
The Secure Copy Content Protection and Content Locking WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2024-6256 1 Smashballoon 1 Feeds For Youtube 2024-07-12 N/A 5.4 MEDIUM
The Feeds for YouTube (YouTube video, channel, and gallery plugin) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'youtube-feed' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-6528 1 Schneider-electric 10 Modicon Lmc058, Modicon Lmc058 Firmware, Modicon M241 and 7 more 2024-07-12 N/A 6.1 MEDIUM
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a vulnerability leading to a cross-site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload.
CVE-2024-4477 1 Onetarek 1 Wp Logs Book 2024-07-12 N/A 5.4 MEDIUM
The WP Logs Book WordPress plugin through 1.0.1 does not sanitise and escape some of its log data before outputting them back in an admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting
CVE-2024-40740 1 Netbox 1 Netbox 2024-07-12 N/A 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/{id}/edit/.
CVE-2024-40733 1 Netbox 1 Netbox 2024-07-12 N/A 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/{id}/edit/.
CVE-2024-40618 2024-07-12 N/A 9.6 CRITICAL
Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension.
CVE-2024-2375 1 2code 1 Wpqa Builder 2024-07-12 N/A 5.4 MEDIUM
The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
CVE-2023-5942 1 Drelton 1 Medialist 2024-07-12 N/A 5.4 MEDIUM
The Medialist WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-5343 1 Ays-pro 1 Popup Box 2024-07-12 N/A 4.8 MEDIUM
The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
CVE-2023-2707 1 Gappointments 1 Gappointments 2024-07-12 N/A 4.8 MEDIUM
The gAppointments WordPress plugin through 1.9.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-37554 1 Codeastrology 1 Ultraaddons 2024-07-12 N/A 5.4 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodeAstrology Team UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode). This issue affects UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode): from n/a through 1.1.6.
CVE-2024-37553 1 Axelerant 1 Testimonials Widget 2024-07-12 N/A 5.4 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Axelerant Testimonials Widget allows Stored XSS. This issue affects Testimonials Widget: from n/a through 4.0.4.
CVE-2024-5802 1 Mythemeshop 1 Url Shortener 2024-07-12 N/A 4.8 MEDIUM
The URL Shortener by Myhop WordPress plugin through 1.0.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2024-38971 1 Vaethink 1 Vaethink 2024-07-12 N/A 5.4 MEDIUM
vaeThink 1.0.2 is vulnerable to stored Cross Site Scripting (XSS) in the system backend.