CVE-2024-4899

MEDIUM Year: 2024
CVSS v3 Score
5.0
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

The SEOPress WordPress plugin before 7.8 does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.

Related Vulnerabilities

CVE-2017-18783

MEDIUM
CVSS:5.0(Medium)

Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1....

CWE-792017

CVE-2017-18784

MEDIUM
CVSS:5.0(Medium)

Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0...

CWE-792017

CVE-2019-1677

MEDIUM
CVSS:5.0(Medium)

A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The vulnerability is due to insuffi...

CWE-792019

CVE-2023-5244

MEDIUM
CVSS:5.0(Medium)

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.

CWE-792023

CVE-2024-23998

MEDIUM
CVSS:5.0(Medium)

goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via src/components/Setting.vue.

CWE-792024

CVE-2024-31574

MEDIUM
CVSS:5.0(Medium)

Cross Site Scripting vulnerability in TWCMS v.2.6 allows a local attacker to execute arbitrary code via a crafted script

CWE-792024