4382 matches found
CVE-2024-4619 Elementor Website Builder – More than Just a Page Builder <= 3.21.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘hoveranimation’ parameter in versions up to, and including, 3.21.5 due to insufficient input sanitization and output escaping. This makes it possible...
WordPress Elementor Website Builder plugin < 3.21.6 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Elementor Website Builder versions < 3.21.6...
Elementor Website Builder < 3.21.6 - Contributor+ DOM Stored XSS
Description The plugin is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘hoveranimation’ parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web...
CVE-2024-4333
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via several parameters in versions up to, and including, 3.5.3 due to insufficient input...
CVE-2024-4490
The Elegant Themes Divi theme, Extra theme, and Divi Page Builder plugin for WordPress are vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘title’ parameter in versions up to, and including, 4.25.0 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-34698
FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the /public/js/main.js source file. The Prototype Pollution arises because the getQueryParam Function recursively merges an object containing...
CVE-2024-4333 Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.3 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via several parameters in versions up to, and including, 3.5.3 due to insufficient input...
CVE-2024-4333
CVE-2024-4333 is a DOM-based XSS vulnerability in the Sina Extension for Elementor WordPress plugin. Connected PatchStack details indicate the issue exists in versions
PT-2024-30497 · WordPress · Sina Extension For Elementor
Name of the Vulnerable Software and Affected Versions: The Sina Extension for Elementor plugin for WordPress versions up to, and including, 3.5.3 Description: The issue is related to DOM-Based Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing authenticated...
CVE-2024-4490 Elegant Themes Divi Theme, Extra Theme, Divi Page Builder <= 4.25.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
The Elegant Themes Divi theme, Extra theme, and Divi Page Builder plugin for WordPress are vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘title’ parameter in versions up to, and including, 4.25.0 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-4490
The CVE-2024-4490 entry concerns the Elegant Themes Divi product family (Divi theme, Divi Extra, Divi Page Builder) with DOM-Based Stored XSS via the title parameter in versions up to and including 4.25.0. The vulnerability arises from insufficient input sanitization and output escaping, enabling...
PT-2024-31295 · Elegant Themes · Extra +2
Name of the Vulnerable Software and Affected Versions: Elegant Themes Divi theme versions up to 4.25.0 Elegant Themes Extra theme versions up to 4.25.0 Divi Page Builder plugin for WordPress versions up to 4.25.0 Description: The issue is related to DOM-Based Stored Cross-Site Scripting due to...
CVE-2024-1166 Image Hover Effects - Elementor Addon <= 1.4.1 - Authenticated (Contributor+) DOM-based Stored Cross-Site Scripting via Image Hover Effects Widget
The Image Hover Effects – Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hover Effects Widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-27202
CVE-2024-27202 is a DOM-based XSS in the BIG-IP Configuration utility. Affected BIG-IP versions include 17.1.0–17.1.1, 16.1.0–16.1.4, and 15.1.0–15.1.10. An attacker can run JavaScript in the context of an authenticated admin session via a malicious page, a control-plane issue with no data-plane ...
CVE-2024-27202 BIG-IP TMUI XSS vulnerability
A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
WordPress Image Hover Effects - Elementor Addon plugin <= 1.4.1 - Authenticated (Contributor+) DOM-based Stored Cross-Site Scripting via Image Hover Effects Widget vulnerability
WordPress Image Hover Effects - Elementor Addon plugin <= 1.4.1 - Authenticated (Contributor+) DOM-based Stored Cross-Site Scripting via Image Hover Effects Widget vulnerability discovered by Webbernaut in WordPress Plugin Image Hover Effects – Elementor Addon versions <= 1.4.1...
Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder < 2.5.4 - Contrib+ DOM-Based Cross-Site Scripting
Description The Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the ‘typingcursor’ parameter in versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This makes it...