CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9505 – Beaver Builder – WordPress Page Builder <= 2.8.4.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Widget
https://notcve.org/view.php?id=CVE-2024-9505
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. • source=cve https://www.wpbeaverbuilder.com/change-logs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 1CVE-2024-10478 – LinZhaoguan pb-cms Edit Article edit cross site scripting
https://notcve.org/view.php?id=CVE-2024-10478
The manipulation leads to cross site scripting. ... Mittels dem Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. • https://gitee.com/LinZhaoguan/pb-cms/issues/IAYIAO https://vuldb.com/?ctiid.282089 https://vuldb.com/?id.282089 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 1CVE-2024-10477 – LinZhaoguan pb-cms Permission Management Page admin#permissions cross site scripting
https://notcve.org/view.php?id=CVE-2024-10477
The manipulation leads to cross site scripting. ... Durch Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. • https://gitee.com/LinZhaoguan/pb-cms/issues/IAYIB9 https://vuldb.com/?ctiid.282088 https://vuldb.com/?id.282088 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-51075
https://notcve.org/view.php?id=CVE-2024-51075
A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/user-search.php in PHPGurukul Online DJ Booking Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata parameter. • https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/Online%20DJ%20Booking/DJ%20online%20Cross%20Site%20Scripting%20%20u.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-51076
https://notcve.org/view.php?id=CVE-2024-51076
A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/booking-search.php in PHPGurukul Online DJ Booking Management System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter. • https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/Online%20DJ%20Booking/Reflected%20Cross%20Site%20Scripting%20b.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •