Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): xss
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-32588 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress Export Import allows Reflected XSS.This issue affects LearnPress Export Import: from n/a through 4.0.3. Published: April 18, 2024; 5:15:12 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32587 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvialoSimple EnvíaloSimple allows Reflected XSS.This issue affects EnvíaloSimple: from n/a through 2.2. Published: April 18, 2024; 5:15:12 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-2729 |
The Otter Blocks WordPress plugin before 2.6.6 does not properly escape its mainHeadings blocks' attribute before appending it to the final rendered block, allowing contributors to conduct Stored XSS attacks. Published: April 18, 2024; 1:15:48 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32472 |
excalidraw is an open source virtual hand-drawn style whiteboard. A stored XSS vulnerability in Excalidraw's web embeddable component. This allows arbitrary JavaScript to be run in the context of the domain where the editor is hosted. There were two vectors. One rendering untrusted string as iframe's `srcdoc` without properly sanitizing against HTML injection. Second by improperly sanitizing against attribute HTML injection. This in conjunction with allowing `allow-same-origin` sandbox flag (necessary for several embeds) resulted in the XSS. This vulnerability is fixed in 0.17.6 and 0.16.4. Published: April 17, 2024; 6:15:08 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32531 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Everest themes GuCherry Blog allows Reflected XSS.This issue affects GuCherry Blog: from n/a through 1.1.8. Published: April 17, 2024; 6:15:12 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32530 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PressTigers Simple Testimonials Showcase allows Stored XSS.This issue affects Simple Testimonials Showcase: from n/a through 1.1.5. Published: April 17, 2024; 6:15:12 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32529 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Momoyoga Yoga Schedule Momoyoga allows Stored XSS.This issue affects Yoga Schedule Momoyoga: from n/a through 2.7.0. Published: April 17, 2024; 6:15:11 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32528 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seerox WP Dynamic Keywords Injector allows Reflected XSS.This issue affects WP Dynamic Keywords Injector: from n/a through 2.3.18. Published: April 17, 2024; 6:15:11 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32527 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jotform Jotform Online Forms allows Stored XSS.This issue affects Jotform Online Forms: from n/a through 1.3.1. Published: April 17, 2024; 6:15:11 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32526 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Flector Easy Textillate allows Stored XSS.This issue affects Easy Textillate: from n/a through 2.02. Published: April 17, 2024; 6:15:11 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32510 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Loopus WP Cost Estimation & Payment Forms Builder allows Reflected XSS.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75. Published: April 17, 2024; 6:15:11 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32508 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in deTheme DethemeKit For Elementor allows Stored XSS.This issue affects DethemeKit For Elementor: from n/a through 2.0.2. Published: April 17, 2024; 6:15:10 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32505 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wpmet Elements kit Elementor addons allows Stored XSS.This issue affects Elements kit Elementor addons: from n/a through 3.0.6. Published: April 17, 2024; 6:15:10 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32457 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The CSSIgniter Team Elements Plus! allows Stored XSS.This issue affects Elements Plus!: from n/a through 2.16.3. Published: April 17, 2024; 6:15:10 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32456 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo Extra allows Stored XSS.This issue affects Envo Extra: from n/a through 1.8.11. Published: April 17, 2024; 6:15:10 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32130 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paystack Payment Forms for Paystack allows Stored XSS.This issue affects Payment Forms for Paystack: from n/a through 3.4.1. Published: April 17, 2024; 6:15:10 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32546 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adam Bowen Tax Rate Upload allows Reflected XSS.This issue affects Tax Rate Upload: from n/a through 2.4.5. Published: April 17, 2024; 5:15:10 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32545 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Canva Canva – Design beautiful blog graphics allows Reflected XSS.This issue affects Canva – Design beautiful blog graphics: from n/a through 1.2.4. Published: April 17, 2024; 5:15:09 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32544 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Netgsm allows Reflected XSS.This issue affects Netgsm: from n/a through 2.8. Published: April 17, 2024; 5:15:09 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32543 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Minoji MJ Update History allows Reflected XSS.This issue affects MJ Update History: from n/a through 1.0.4. Published: April 17, 2024; 5:15:09 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |