CVE-2024-29933

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS.This issue affects Web Icons: from n/a through 1.0.0.10...

CVE-2024-4391

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Event Calendar widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-34255

jizhicms v2.5.1 contains a Cross-Site ScriptingXSS vulnerability in the message function...

CVE-2024-50351

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting XSS vulnerability in the "section" parameter of the "logs" tab of a device allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code wh...

CVE-2024-1814

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVE-2024-1236

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Filterable Controls label icon parameter in all versions up to, and including, 5.9.8 due to insufficient input sanitization...

CVE-2024-9446

The WP Simple Anchors Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpanchor shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-47632

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Detheme DethemeKit For Elementor dethemekit-for-elementor allows Stored XSS.This issue affects DethemeKit For Elementor: from n/a through = 2.1.7...

CVE-2024-54451

A cross-site scripting XSS vulnerability in the graphicCustomization.do page in Kurmi Provisioning Suite before 7.9.0.38, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15 allows remote attackers authenticated as system administrators to inject arbitrary web script or HTML via the...

CVE-2024-6415

A vulnerability classified as problematic was found in Ingenico Estate Manager 2023. Affected by this vulnerability is an unknown functionality of the file /emgui/rest/preferences/PREFHOMEPAGE/sponsor/3/ of the component New Widget Handler. The manipulation of the argument URL leads to cross site...

CVE-2024-51735

Osmedeus is a Workflow Engine for Offensive Security. Cross-site Scripting XSS occurs on the Osmedues web server when viewing results from the workflow, allowing commands to be executed on the server. When using a workflow that contains the summary module, it generates reports in HTML and Markdow...

CVE-2024-51430

Cross Site Scripting vulnerability in online diagnostic lab management system using php v.1.0 allows a remote attacker to execute arbitrary code via the Test Name parameter on the diagnostic/add-test.php component...

CVE-2024-51628

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EzyOnlineBookings EzyOnlineBookings Online Booking System Widget ezyonlinebookings-online-booking-system allows DOM-Based XSS.This issue affects EzyOnlineBookings Online Booking System Widget: from...

CVE-2024-51826

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jandal Bitcoin Payments bitcoin-payments allows DOM-Based XSS.This issue affects Bitcoin Payments: from n/a through = 1.4.2...

CVE-2024-51677

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ajay Knowledge Base knowledgebase allows Stored XSS.This issue affects Knowledge Base: from n/a through = 2.2.0...

CVE-2024-51848

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in digitalzoomstudio Parallaxer parallaxer-lite-parallax-effects-on-images allows Stored XSS.This issue affects Parallaxer: from n/a through = 1.00...

CVE-2024-51590

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HooThemes Hoo Addons for Elementor hoo-addons-for-elementor allows DOM-Based XSS.This issue affects Hoo Addons for Elementor: from n/a through = 1.0.6...

CVE-2024-51877

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in straightvisions GmbH SV Forms sv-forms allows DOM-Based XSS.This issue affects SV Forms: from n/a through = 2.0.05...

CVE-2024-6532

The Sheet to Table Live Sync for Google Sheet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STWTSheetTable shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

CVE-2024-33932

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vinod Dalvi Login Logout Register Menu allows Stored XSS.This issue affects Login Logout Register Menu: from n/a through 2.0...