CVSS: 7.2EPSS: %CPEs: 1EXPL: 0CVE-2024-9017 – PeepSo Core: Groups <= 6.4.6.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Group Description
https://notcve.org/view.php?id=CVE-2024-9017
02 Jul 2025 — The PeepSo Core: Groups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Group Description field in all versions up to, and including, 6.4.6.0 due to insufficient input sanitization and output escaping. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: %CPEs: 14EXPL: 0CVE-2024-5647 – Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library
https://notcve.org/view.php?id=CVE-2024-5647
02 Jul 2025 — Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library (version 1.1.0) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11405 – WP Front-end login and register <= 2.1.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-11405
01 Jul 2025 — The WP Front-end login and register plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the email and wpmp_reset_password_token parameters in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. ... El complemento WP Front-end login and register para WordPress es vulnerable a ataques de Cross-Site Scripting Reflejado a través de los parámetros email y wpmp_reset_password_token en todas las versiones hasta la 2.1.0 incluida, d... • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12915 – Reflected XSS in Devinim Software's Modified Koha Library Software
https://notcve.org/view.php?id=CVE-2024-12915
30 Jun 2025 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Devinim Software Library Software allows Reflected XSS.This issue affects Library Software: before 24.11.02. • https://www.usom.gov.tr/bildirim/tr-25-0144 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52900 – IBM Cognos Analytics cross-site scripting
https://notcve.org/view.php?id=CVE-2024-52900
28 Jun 2025 — IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. • https://www.ibm.com/support/pages/node/7238163 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-56915
https://notcve.org/view.php?id=CVE-2024-56915
26 Jun 2025 — Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Site Scripting (XSS) via the RSS feed widget. • https://github.com/noxlumens/Vulnerability-Research/tree/main/CVE-2024-56915 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-56916
https://notcve.org/view.php?id=CVE-2024-56916
24 Jun 2025 — In Netbox Community 4.1.7, once authenticated, Configuration History > Add`is vulnerable to cross-site scripting (XSS) due to the `current value` field rendering user supplied html. ... Once a victim edits a Configuration History version or attempts to Add a new version, the XSS payload will trigger. • https://github.com/noxlumens/Vulnerability-Research/tree/main/CVE-2024-56916 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-56918
https://notcve.org/view.php?id=CVE-2024-56918
24 Jun 2025 — In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting (XSS), which allows a privileged, authenticated attacker to exfiltrate user input from the login form. • https://github.com/noxlumens/Vulnerability-Research/tree/main/CVE-2024-56918 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-56917
https://notcve.org/view.php?id=CVE-2024-56917
24 Jun 2025 — Netbox Community 4.1.7 is vulnerable to Cross Site Scripting (XSS) via the maintenance banner` in maintenance mode. • https://github.com/noxlumens/Vulnerability-Research/tree/main/CVE-2024-56917 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50555 – Elementor Website Builder <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-50555
19 Jun 2025 — The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •