CVE-2024-11776 – PCRecruiter Extensions <= 1.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-11776
The PCRecruiter Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PCRecruiter' shortcode in all versions up to, and including, 1.4.10 due to insufficient input sanitization and output escaping on user supplied attributes. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-9101 – phpLDAPadmin: Reflected Cross-Site Scripting in entry_chooser.php
https://notcve.org/view.php?id=CVE-2024-9101
A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. • https://github.com/leenooks/phpLDAPadmin/blob/master/htdocs/entry_chooser.php https://github.com/leenooks/phpLDAPadmin/commit/f713afc8d164169516c91b0988531f2accb9bce6#diff-c2d6d7678ada004e704ee055169395a58227aaec86a6f75fa74ca18ff49bca44R27 https://sourceforge.net/projects/phpldapadmin/files/phpldapadmin-php5/1.2.1 https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-12783 – itsourcecode Vehicle Management System billaction.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-12783
The manipulation of the argument extra-cost leads to cross site scripting. ... By manipulating the argument extra-cost with unknown data, a cross site scripting vulnerability can be exploited. • https://github.com/FinleyTang/Vehicle-Management-System/blob/main/Vehicle%20Management%20System%20billaction.php%20has%20Cross-site%20Scripting%20(XSS).pdf https://itsourcecode.com https://vuldb.com/? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-11806 – PKT1 Centro de envios <= 1.2.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-11806
The PKT1 Centro de envios plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'success' and 'error' parameters in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-25042 – IBM Cognos Analytics cross-site scripting
https://notcve.org/view.php?id=CVE-2024-25042
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). • https://www.ibm.com/support/pages/node/7173592 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •