CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41752 – IBM Cognos Analytics HTML injection
https://notcve.org/view.php?id=CVE-2024-41752
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. • https://www.ibm.com/support/pages/node/7177223 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-51646 – WordPress Saoshyant Element plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51646
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saoshyant Saoshyant Element allows Reflected XSS.This issue affects Saoshyant Element: from n/a through 1.2. • https://patchstack.com/database/wordpress/plugin/saoshyant-element/vulnerability/wordpress-saoshyant-element-plugin-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-56016 – WordPress Image Mapper plugin <= 0.2.5.3 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-56016
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPTooling Image Mapper allows Reflected XSS.This issue affects Image Mapper: from n/a through 0.2.5.3. • https://patchstack.com/database/wordpress/plugin/image-mapper/vulnerability/wordpress-image-mapper-plugin-0-2-5-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-55239
https://notcve.org/view.php?id=CVE-2024-55239
A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows attacker to craft malicious urls with arbitrary javascript in the 'titulo_documento' parameter. Una vulnerabilidad de Cross-Site Scripting reflejado en la funcionalidad de carga de documentación estándar en Portabilis i-Educar 2.9 permite a un atacante manipular URL maliciosas con javascript arbitrario en el parámetro 'titulo_documento'. • https://github.com/RegularUs3r/CVE-Research/blob/main/CVE-2024/Portabilis%20-%20iEducar/CVE-2024-55649%20-%20Reflected%20Cross-Site%20Scripting.md •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-55492
https://notcve.org/view.php?id=CVE-2024-55492
Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross Site Scripting (XSS). • http://winmail.com https://github.com/qtxz54/Vul/blob/main/XSS/Winmail-Server.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •