CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-8444 – Download Manager < 3.3.00 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-8444
The Download Manager WordPress plugin before 3.3.00 doesn't sanitize some of it's shortcode parameters, leading to cross site scripting. El complemento Download Manager de WordPress anterior a la versión 3.3.00 no desinfecta algunos de sus parámetros de código corto, lo que genera Cross Site Scripting. • https://wpscan.com/vulnerability/bf2f5aa8-a161-43ff-a6ee-8603aaba8012 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10503 – Klokan MapTiler tileserver-gl URL cross site scripting
https://notcve.org/view.php?id=CVE-2024-10503
The manipulation of the argument key leads to cross site scripting. ... La manipulación del argumento key conduce a Cross Site Scripting. ... Durch das Manipulieren des Arguments key mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. • https://vuldb.com/?ctiid.282443 https://vuldb.com/?id.282443 https://vuldb.com/?submit.427302 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-31972
https://notcve.org/view.php?id=CVE-2024-31972
EnGenius ESR580 A8J-EMR5000 devices allow a remote attacker to conduct stored XSS attacks that could lead to arbitrary JavaScript code execution (under the context of the user's session) via the Wi-Fi SSID input fields. ... Los dispositivos EnGenius ESR580 A8J-EMR5000 permiten a un atacante remoto realizar ataques XSS almacenado que podrían provocar la ejecución de código JavaScript arbitrario (en el contexto de la sesión del usuario) a través de los campos de entrada SSID de Wi-Fi. • https://github.com/actuator/cve/blob/main/Engenius/CVE-2024-31972 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-31973
https://notcve.org/view.php?id=CVE-2024-31973
Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via the 'Network Name (SSID)' input fields to the /index.html#wireless_basic page. Los dispositivos Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 permiten que un atacante remoto cerca de una red Wi-Fi realice ataques XSS almacenado a través de los campos de entrada 'Nombre de red (SSID)' en la página /index.html#wireless_basic. • https://github.com/actuator/cve/blob/main/Hitron/CVE-2024-31973 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-48648
https://notcve.org/view.php?id=CVE-2024-48648
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the Sage 1000 v 7.0.0. ... Existe una vulnerabilidad de Cross Site Scripting (XSS) Reflejado en Sage 1000 v 7.0.0. • https://github.com/hx381/Sage-1000-v7.0.0-Exploit/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •