CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51590 – WordPress Hoo Addons for Elementor plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51590
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hoosoft Hoo Addons for Elementor allows DOM-Based XSS.This issue affects Hoo Addons for Elementor: from n/a through 1.0.6. The Hoo Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. • https://patchstack.com/database/vulnerability/hoo-addons-for-elementor/wordpress-hoo-addons-for-elementor-plugin-1-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51593 – WordPress Курс валют UAH plugin <= 2.0 - Stored Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51593
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Glopium Studio Курс валют UAH allows Stored XSS.This issue affects Курс валют UAH: from n/a through 2.0. The Курс валют UAH plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. • https://patchstack.com/database/vulnerability/ukrainian-currency/wordpress-kurs-valyut-uah-plugin-2-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51598 – WordPress Selar.co Widget plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51598
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kendysond Selar.Co Widget allows DOM-Based XSS.This issue affects Selar.Co Widget: from n/a through 1.2. The Selar.co Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. • https://patchstack.com/database/vulnerability/selar-co-widget/wordpress-selar-co-widget-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-10086 – Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation
https://notcve.org/view.php?id=CVE-2024-10086
A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS. Se identificó una vulnerabilidad en Consul y Consul Enterprise tal que la respuesta del servidor no establecía explícitamente un encabezado HTTP Content-Type, lo que permitía que las entradas proporcionadas por el usuario se malinterpretaran y generaran un XSS reflejado. • https://discuss.hashicorp.com/t/hcsec-2024-24-consul-vulnerable-to-reflected-xss-on-content-type-error-manipulation • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9165 – Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) <= 4.4.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
https://notcve.org/view.php?id=CVE-2024-9165
The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.4.4 due to insufficient input sanitization and output escaping. ... El complemento Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) para WordPress es vulnerable a Cross Site Scripting almacenado a través de cargas de archivos SVG en todas las versiones hasta la 4.4.4 incluida, debido a una desinfección de entrada y un escape de salida insuficientes. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •