CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-56115
https://notcve.org/view.php?id=CVE-2024-56115
It allows remote attackers to conduct a Cross-Site Scripting (XSS) attack. ... Permite a atacantes remotos realizar un ataque Cross-Site Scripting (XSS). • https://github.com/ComplianceControl/CVE-2024-56115 •
CVSS: 4.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-56173
https://notcve.org/view.php?id=CVE-2024-56173
In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document. • https://support.optimizely.com/hc/en-us/articles/32344323720973-Configured-Commerce-Security-Advisory-COM-2024-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-56174
https://notcve.org/view.php?id=CVE-2024-56174
In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in search history. • https://support.optimizely.com/hc/en-us/articles/32344323720973-Configured-Commerce-Security-Advisory-COM-2024-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-56175
https://notcve.org/view.php?id=CVE-2024-56175
In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in list item names. • https://support.optimizely.com/hc/en-us/articles/32344323720973-Configured-Commerce-Security-Advisory-COM-2024-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12626 – AutomatorWP <= 5.0.9 - Reflected Cross-Site Scripting via a-0-o-search_field_value
https://notcve.org/view.php?id=CVE-2024-12626
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘a-0-o-search_field_value’ parameter in all versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •