CVE-2024-9446 – WP Simple Anchors Links <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpanchor Shortcode
https://notcve.org/view.php?id=CVE-2024-9446
The WP Simple Anchors Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpanchor shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. ... • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-9434 – WPGlobus Translate Options <= 2.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-9434
The WPGlobus Translate Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the on__translate_options_page() function. This makes it possible for unauthenticated attackers to inject malicious web scripts and update plugin settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. • source=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-9110 – Cross-Site Scripting In Privileged Identity
https://notcve.org/view.php?id=CVE-2024-9110
A medium severity vulnerability has been identified within Privileged Identity which can allow an attacker to perform reflected cross-site scripting attacks. • https://www.beyondtrust.com/trust-center/security-advisories/bt24-09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-50344 – I, Librarian has a Stored XSS vulnerability in Supplemental Files
https://notcve.org/view.php?id=CVE-2024-50344
I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser only if they have a white-listed MIME type. Unfortunately, this logic is broken, thus allowing unsafe files containing JavaScript to be executed in the application context. An attacker can exploit this vulnerability by uploading a supplementary file that contains malicious code or a script. This code will then be executed when the file is loaded in the browser. • https://github.com/mkucej/i-librarian-free/commit/a67d7949ffb02fd912ebdcf552df006b44066d78 https://github.com/mkucej/i-librarian-free/security/advisories/GHSA-c2rm-w62w-5xmj • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVE-2024-9708 – Easy SVG Upload <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
https://notcve.org/view.php?id=CVE-2024-9708
The Easy SVG Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. ... • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')