CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-28803
https://notcve.org/view.php?id=CVE-2024-28803
13 Mar 2025 — Cross-site scripting (XSS) vulnerability in Italtel S.p.A. i-MCS NFV v.12.1.0-20211215 allows unauthenticated remote attackers to inject arbitrary web script or HTML into HTTP/POST parameter • https://www.gruppotim.it/it/footer/red-team.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-34398
https://notcve.org/view.php?id=CVE-2024-34398
12 Mar 2025 — The web application allows stored HTML Injection by authenticated remote attackers. • https://www.gruppotim.it/it/footer/red-team.html • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56338 – IBM Sterling B2B Integrator cross-site scripting
https://notcve.org/view.php?id=CVE-2024-56338
11 Mar 2025 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site scripting. • https://www.ibm.com/support/pages/node/7185265 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-51320
https://notcve.org/view.php?id=CVE-2024-51320
11 Mar 2025 — Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /servlet/gsdm_fsave_htmltmp, /servlet/gsdm_btlk_openfile components • https://members.backbox.org/zucchetti-ad-hoc-infinity-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-51322
https://notcve.org/view.php?id=CVE-2024-51322
11 Mar 2025 — Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /jsp/home.jsp, /jsp/gsfr_feditorHTML.jsp, /servlet/SPVisualZoom, /jsp/gsmd_container.jsp components • https://members.backbox.org/zucchetti-ad-hoc-infinity-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12589 – Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.19.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Countdown Timer
https://notcve.org/view.php?id=CVE-2024-12589
11 Mar 2025 — The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the countdown timer in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-44192 – Debian Security Advisory 5885-1
https://notcve.org/view.php?id=CVE-2024-44192
10 Mar 2025 — If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. • https://support.apple.com/en-us/121238 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52812 – LF Edge eKuiper has Stored XSS in Rules Functionality
https://notcve.org/view.php?id=CVE-2024-52812
10 Mar 2025 — Prior to version 2.0.8, auser with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the rule `id` parameter. • https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L681 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13413 – ProductDyno <= 1.0.24 - Reflected Cross-Site Scripting via 'res' Parameter
https://notcve.org/view.php?id=CVE-2024-13413
10 Mar 2025 — The ProductDyno plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘res’ parameter in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. ... This vulnerability is potentially a duplicate of CVE-2025-22320. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13919 – Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page
https://notcve.org/view.php?id=CVE-2024-13919
10 Mar 2025 — The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page. • https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-02_Laravel_Reflected_XSS_via_Route_Parameter_in_Debug-Mode_Error_Page • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •