CVE-2024-13116

LOW Year: 2024
CVSS v3 Score
3.8
Low
Weakness Type
CWE-79
View all →

Vulnerability Description

The Crelly Slider WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Related Vulnerabilities

CVE-2021-3830

LOW
CVSS:3.8(Low)

btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-792021

CVE-2022-1530

LOW
CVSS:3.8(Low)

Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application.

CWE-792022

CVE-2022-2256

LOW
CVSS:3.8(Low)

A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console...

CWE-792022

CVE-2023-3142

LOW
CVSS:3.8(Low)

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.

CWE-792023

CVE-2024-13308

LOW
CVSS:3.8(Low)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Browser Back Button allows Cross-Site Scripting (XSS).This issue affects Browser Back Butto...

CWE-792024

CVE-2024-2972

LOW
CVSS:3.8(Low)

The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.1.9 does not sanitise and escape some of its settings, ...

CWE-792024