Search Results (Refine Search)
- Keyword (text search): xss
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-32698 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leevio Happy Addons for Elementor allows Stored XSS.This issue affects Happy Addons for Elementor: from n/a through 3.10.4. Published: April 22, 2024; 4:15:39 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32697 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HelloAsso allows Stored XSS.This issue affects HelloAsso: from n/a through 1.1.5. Published: April 22, 2024; 4:15:39 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32696 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Infographic Maker – iList allows Stored XSS.This issue affects Infographic Maker – iList: from n/a through 4.6.6. Published: April 22, 2024; 4:15:38 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32695 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marco Gasi Language Switcher for Transposh allows Reflected XSS.This issue affects Language Switcher for Transposh: from n/a through 1.5.9. Published: April 22, 2024; 4:15:38 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32694 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Reflected XSS.This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin: from n/a through 3.62. Published: April 22, 2024; 4:15:38 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32690 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood RSS Feed Widget allows Stored XSS.This issue affects RSS Feed Widget: from n/a through 2.9.7. Published: April 22, 2024; 4:15:37 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29217 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the website to create such an attack. Users are recommended to upgrade to version [1.3.0], which fixes the issue. Published: April 21, 2024; 12:15:47 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29183 |
OpenRASP is a RASP solution that directly integrates its protection engine into the application server by instrumentation. There exists a reflected XSS in the /login page due to a reflection of the redirect parameter. This allows an attacker to execute arbitrary javascript with the permissions of a user after the user logins with their account. Published: April 19, 2024; 12:15:10 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29029 |
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. Published: April 19, 2024; 12:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3654 |
An XSS vulnerability has been found in Teimas Global's Teixo, version 1.42.42-stable. This vulnerability could allow an attacker to send a specially crafted JavaScript payload via the "seconds" parameter in the program's URL, resulting in a possible takeover of a registered user's session. Published: April 19, 2024; 9:15:13 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2761 |
The Genesis Blocks WordPress plugin before 3.1.3 does not properly escape data input provided to some of its blocks, allowing using with at least contributor privileges to conduct Stored XSS attacks. Published: April 19, 2024; 1:15:49 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-27306 |
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users can disable `show_index` if unable to upgrade. Published: April 18, 2024; 11:15:29 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32553 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in looks_awesome Superfly Menu allows Stored XSS.This issue affects Superfly Menu: from n/a through 5.0.25. Published: April 18, 2024; 7:15:38 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32552 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tagbox Taggbox allows Stored XSS.This issue affects Taggbox: from n/a through 3.2. Published: April 18, 2024; 7:15:38 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32126 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Peters Navigation menu as Dropdown Widget allows Stored XSS.This issue affects Navigation menu as Dropdown Widget: from n/a through 1.3.4. Published: April 18, 2024; 7:15:37 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-49768 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Stored XSS.This issue affects WP-FormAssembly: from n/a through 2.0.10. Published: April 18, 2024; 7:15:36 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32586 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Munir Kamal Gutenberg Block Editor Toolkit allows Stored XSS.This issue affects Gutenberg Block Editor Toolkit: from n/a through 1.40.4. Published: April 18, 2024; 6:15:14 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32585 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendWP Import Content in WordPress & WooCommerce with Excel allows Reflected XSS.This issue affects Import Content in WordPress & WooCommerce with Excel: from n/a through 4.2. Published: April 18, 2024; 6:15:14 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32584 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StandaloneTech TeraWallet – For WooCommerce allows Stored XSS.This issue affects TeraWallet – For WooCommerce: from n/a through 1.5.0. Published: April 18, 2024; 6:15:14 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32583 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Reflected XSS.This issue affects Photo Gallery by 10Web: from n/a through 1.8.21. Published: April 18, 2024; 6:15:13 AM -0400 |
V3.x:(not available) V2.0:(not available) |