Total
37638 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-50545 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Auburnforest DataMentor allows DOM-Based XSS.This issue affects DataMentor: from n/a through 1.7. | |||||
| CVE-2024-51803 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnetic Creative Inline Click To Tweet allows DOM-Based XSS.This issue affects Inline Click To Tweet: from n/a through 1.0.0. | |||||
| CVE-2024-11224 | 2024-11-19 | N/A | 6.4 MEDIUM | ||
| The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘position’ parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-50548 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Abdullah Nahian Awesome Progress Bar allows DOM-Based XSS.This issue affects Awesome Progress Bar: from n/a through 1.0.1. | |||||
| CVE-2024-51824 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sony7596, mrseankumar25, miraclewebssoft Advanced Video Player with Analytics allows DOM-Based XSS.This issue affects Advanced Video Player with Analytics: from n/a through 1. | |||||
| CVE-2024-11198 | 2024-11-19 | N/A | 6.4 MEDIUM | ||
| The GD Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘extra_class’ parameter in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-51828 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel J Griffiths Beacon For Help Scout allows DOM-Based XSS.This issue affects Beacon For Help Scout: from n/a through 1.3.0. | |||||
| CVE-2024-50542 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zach Silberstein RLM Elementor Widgets Pack allows DOM-Based XSS.This issue affects RLM Elementor Widgets Pack: from n/a through 1.3.1. | |||||
| CVE-2024-50551 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alessandro Staniscia EndomondoWP allows Stored XSS.This issue affects EndomondoWP: from n/a through 0.1.1. | |||||
| CVE-2024-51795 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ByteLabX Pdf Embedder Fay allows DOM-Based XSS.This issue affects Pdf Embedder Fay: from n/a through 1.10.1. | |||||
| CVE-2024-50521 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alleythemes Alley Elementor Widget allows DOM-Based XSS.This issue affects Alley Elementor Widget: from n/a through 1.0.7. | |||||
| CVE-2024-50516 | 2024-11-19 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock allows Stored XSS.This issue affects Countdown & Clock: from n/a through 2.8.0.9. | |||||
| CVE-2024-51829 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Figoli Quinn & Associates Mobile Kiosk allows Stored XSS.This issue affects Mobile Kiosk: from n/a through 1.3.0. | |||||
| CVE-2024-50536 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Intuitive Design GDReseller allows DOM-Based XSS.This issue affects GDReseller: from n/a through 1.6. | |||||
| CVE-2024-51797 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md. Shiddikur Rahman Ultimate Accordion allows DOM-Based XSS.This issue affects Ultimate Accordion: from n/a through 1.0. | |||||
| CVE-2024-52349 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Md. Shiddikur Rahman Awesome Tool Tip allows DOM-Based XSS.This issue affects Awesome Tool Tip: from n/a through 1.0. | |||||
| CVE-2024-52347 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP website creator Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera allows Stored XSS.This issue affects Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera: from n/a through 4.0. | |||||
| CVE-2024-51805 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yonatan Reinberg yPHPlista allows Stored XSS.This issue affects yPHPlista: from n/a through 1.1.1. | |||||
| CVE-2024-50517 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SlovenskoIT a.s. ID-SK Toolkit allows Stored XSS.This issue affects ID-SK Toolkit: from n/a through 1.7.2. | |||||
| CVE-2024-50540 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DemixPress (dp) AddThis allows Stored XSS.This issue affects (dp) AddThis: from n/a through 1.0.2. | |||||