Search Results (Refine Search)
- Keyword (text search): XSS
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-29003 |
The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction. Published: April 18, 2024; 6:15:08 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2024-32598 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Booking Algorithms BA Book Everything allows Stored XSS.This issue affects BA Book Everything: from n/a through 1.6.8. Published: April 18, 2024; 5:15:14 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32597 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WordPress Importer allows Stored XSS.This issue affects WordPress Importer: from n/a through 1.0.7. Published: April 18, 2024; 5:15:14 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32596 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric-Oliver Mächler DSGVO Youtube allows Stored XSS.This issue affects DSGVO Youtube: from n/a through 1.4.5. Published: April 18, 2024; 5:15:14 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32595 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mat Bao Corp WP Helper Premium allows Reflected XSS.This issue affects WP Helper Premium: from n/a before 4.6.0. Published: April 18, 2024; 5:15:13 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32594 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AttesaWP Attesa Extra allows Stored XSS.This issue affects Attesa Extra: from n/a through 1.3.9. Published: April 18, 2024; 5:15:13 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32593 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1.3.4.2. Published: April 18, 2024; 5:15:13 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32592 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VoidCoders, innovs Void Elementor WHMCS Elements For Elementor Page Builder allows Stored XSS.This issue affects Void Elementor WHMCS Elements For Elementor Page Builder: from n/a through 2.0. Published: April 18, 2024; 5:15:13 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32591 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniele De Rosa Backend Designer allows Stored XSS.This issue affects Backend Designer: from n/a through 1.3. Published: April 18, 2024; 5:15:12 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32590 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webfood Kattene allows Stored XSS.This issue affects Kattene: from n/a through 1.7. Published: April 18, 2024; 5:15:12 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32588 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress Export Import allows Reflected XSS.This issue affects LearnPress Export Import: from n/a through 4.0.3. Published: April 18, 2024; 5:15:12 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32587 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvialoSimple EnvíaloSimple allows Reflected XSS.This issue affects EnvíaloSimple: from n/a through 2.2. Published: April 18, 2024; 5:15:12 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2729 |
The Otter Blocks WordPress plugin before 2.6.6 does not properly escape its mainHeadings blocks' attribute before appending it to the final rendered block, allowing contributors to conduct Stored XSS attacks. Published: April 18, 2024; 1:15:48 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32472 |
excalidraw is an open source virtual hand-drawn style whiteboard. A stored XSS vulnerability in Excalidraw's web embeddable component. This allows arbitrary JavaScript to be run in the context of the domain where the editor is hosted. There were two vectors. One rendering untrusted string as iframe's `srcdoc` without properly sanitizing against HTML injection. Second by improperly sanitizing against attribute HTML injection. This in conjunction with allowing `allow-same-origin` sandbox flag (necessary for several embeds) resulted in the XSS. This vulnerability is fixed in 0.17.6 and 0.16.4. Published: April 17, 2024; 6:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32531 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Everest themes GuCherry Blog allows Reflected XSS.This issue affects GuCherry Blog: from n/a through 1.1.8. Published: April 17, 2024; 6:15:12 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32530 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PressTigers Simple Testimonials Showcase allows Stored XSS.This issue affects Simple Testimonials Showcase: from n/a through 1.1.5. Published: April 17, 2024; 6:15:12 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32529 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Momoyoga Yoga Schedule Momoyoga allows Stored XSS.This issue affects Yoga Schedule Momoyoga: from n/a through 2.7.0. Published: April 17, 2024; 6:15:11 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32528 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seerox WP Dynamic Keywords Injector allows Reflected XSS.This issue affects WP Dynamic Keywords Injector: from n/a through 2.3.18. Published: April 17, 2024; 6:15:11 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32527 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jotform Jotform Online Forms allows Stored XSS.This issue affects Jotform Online Forms: from n/a through 1.3.1. Published: April 17, 2024; 6:15:11 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32526 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Flector Easy Textillate allows Stored XSS.This issue affects Easy Textillate: from n/a through 2.02. Published: April 17, 2024; 6:15:11 AM -0400 |
V3.x:(not available) V2.0:(not available) |