CVSS: 8.5EPSS: %CPEs: -EXPL: 0CVE-2024-12021 – Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-12021
31 Mar 2025 — Coverity versions prior to 2024.9.0 are vulnerable to stored cross-site scripting (XSS) in various administrative interfaces. The impact of exploitation may result in the compromise of local accounts managed by the Coverity platform as well as other standard impacts resulting from cross-site scripting. • https://community.blackduck.com/s/article/Black-Duck-Product-Security-Advisory-CVE-2024-12021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: %CPEs: 1EXPL: 0CVE-2024-55093
https://notcve.org/view.php?id=CVE-2024-55093
31 Mar 2025 — phpIPAM through 1.7.3 has a reflected Cross-Site Scripting (XSS) vulnerability in the install scripts. • https://github.com/phpipam/phpipam/commit/d0caaeba885364fd0521f094511c5d7b11f9da8f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39311 – Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction
https://notcve.org/view.php?id=CVE-2024-39311
28 Mar 2025 — Prior to version 10.0.1 of Publify, corresponding to versions prior to 10.0.2 of the `publify_core` rubygem, publisher on a `publify` application is able to perform a cross-site scripting (XSS) attack on an administrator using the redirect functionality. The exploitation of this XSS vulnerability requires the administrator to click a malicious link. • https://github.com/publify/publify/security/advisories/GHSA-8fm5-gg2f-f66q • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11180 – ElementsKit Elementor addons <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-11180
28 Mar 2025 — The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer Widget ekit_countdown_timer_title parameter in all versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-58128
https://notcve.org/view.php?id=CVE-2024-58128
28 Mar 2025 — ., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks via a global menu link. • https://github.com/MISP/MISP/commit/33a1eb66408e16a7535b2bae48303efd9501a26a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-58129
https://notcve.org/view.php?id=CVE-2024-58129
28 Mar 2025 — ., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks against every page. • https://github.com/MISP/MISP/commit/09a43870e733f79ffa33753ddc7bce3cbb5a5647 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-58130
https://notcve.org/view.php?id=CVE-2024-58130
28 Mar 2025 — In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses. • https://github.com/MISP/MISP/commit/f08a2eaec25f0212c22b225c0b654bd60d089ef9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12683 – Smart Maintenance Mode < 1.5.2 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-12683
26 Mar 2025 — The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/1569ee00-56c3-4a1b-940e-e0256a748675 •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13702 – CRM and Lead Management by vcita <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-13702
25 Mar 2025 — The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vCitaMeetingScheduler' and 'vCitaSchedulingCalendar' shortcodes in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53679 – Apache VCL: XSS vulnerability in User Lookup impacting user privileges
https://notcve.org/view.php?id=CVE-2024-53679
25 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache VCL in the User Lookup form. ... Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en Apache VCL en el formulario de búsqueda de usuarios. • https://lists.apache.org/thread/bq5vs0hndt9cz9b6rpfr5on1nd4qrmyr • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •