
CVE-2024-52888 – Stored-XSS
https://notcve.org/view.php?id=CVE-2024-52888
27 Apr 2025 — For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties. • https://support.checkpoint.com/results/sk/sk183055 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-52887 – Self-XSS
https://notcve.org/view.php?id=CVE-2024-52887
27 Apr 2025 — Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list. • https://support.checkpoint.com/results/sk/sk183054 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-56156 – Halo Vulnerable to Stored XSS and RCE via File Upload Bypass
https://notcve.org/view.php?id=CVE-2024-56156
25 Apr 2025 — This bypass enables the upload of malicious files including executables and HTML files, which can lead to stored cross-site scripting attacks and potential remote code execution under certain circumstances. • https://github.com/halo-dev/halo/security/advisories/GHSA-99mc-ch53-pqh9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-30113 – HCL Leap is affected by a cross-site scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30113
24 Apr 2025 — Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-30114 – HCL Leap is affected by a cross-site scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30114
24 Apr 2025 — Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-30147 – HCL Leap is affected by a cross-site scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30147
24 Apr 2025 — Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-53568
https://notcve.org/view.php?id=CVE-2024-53568
22 Apr 2025 — A stored cross-site scripting (XSS) vulnerability in the Image Upload section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the tag parameter. • https://medium.com/@rudranshsinghrajpurohit/cve-2024-53568-stored-cross-site-scripting-xss-vulnerability-in-volmarg-personal-management-cfbaec55046f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-53569
https://notcve.org/view.php?id=CVE-2024-53569
22 Apr 2025 — A stored cross-site scripting (XSS) vulnerability in the New Goal Creation section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the description parameter. • https://medium.com/@rudranshsinghrajpurohit/cve-2024-53569-stored-cross-site-scripting-xss-in-volmarg-personal-management-system-6cb0b9d6fe88 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-12863 – Stored XSS in Discussions functionality
https://notcve.org/view.php?id=CVE-2024-12863
21 Apr 2025 — Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system. • https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0839121 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-41446
https://notcve.org/view.php?id=CVE-2024-41446
21 Apr 2025 — A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function. • https://github.com/Sidd545-cr/CVE/blob/main/CVE-2024-41446%20-%20Stored%20XSS%20in%20image%20copyright%20attribute.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •