CVE-2024-8863 – aimhubio aim Text Explorer textbox.tsx dangerouslySetInnerHTML cross site scripting
https://notcve.org/view.php?id=CVE-2024-8863
The manipulation of the argument query leads to cross site scripting. ... By manipulating the argument query with unknown data, a cross site scripting vulnerability can be exploited. • https://rumbling-slice-eb0.notion.site/Stored-XSS-through-TEXT-EXPLORER-in-aimhubio-aim-d0f07b7194724950a673498546d80d43? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-8783 – OpenTibiaBR MyAAC Post Reply new_post.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-8783
The manipulation of the argument post_topic leads to cross site scripting. ... By manipulating the argument post_topic with unknown data, a cross site scripting vulnerability can be exploited. • https://github.com/opentibiabr/myaac/issues/121 https://github.com/opentibiabr/myaac/pull/122 https://github.com/opentibiabr/myaac/pull/122/commits/bf6ae3df0d32fa22552bb44ca4f8489a6e78cc1c https://vuldb.com/?ctiid.277434 https://vuldb.com/?id.277434 https://vuldb.com/?submit.406368 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-31414
https://notcve.org/view.php?id=CVE-2024-31414
The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of malicious scripts when abused by bad actors. • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1008.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-8724 – Waitlist Woocommerce ( Back in stock notifier ) <= 2.7.5 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-8724
The Waitlist Woocommerce ( Back in stock notifier ) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.5. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-7133 – My Sticky Bar < 2.7.3 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-7133
The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputting them back in the page, which could allow users with a high role to perform Stored Cross-Site Scripting attacks. • https://wpscan.com/vulnerability/c81c1622-33d1-41f2-ba63-f06bd4c125ab