CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10227 – affiliate-toolkit <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via atkp_product Shortcode
https://notcve.org/view.php?id=CVE-2024-10227
The affiliate-toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atkp_product shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. ... El complemento affiliate-toolkit para WordPress es vulnerable a Cross-Site Scripting Almacenado a través del código abreviado atkp_product del complemento en todas las versiones hasta la 3.6.5 incluida, debido a una desinfección de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9376 – Kata Plus – Addons for Elementor – Widgets, Extensions and Templates <= 1.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
https://notcve.org/view.php?id=CVE-2024-9376
The Kata Plus – Addons for Elementor – Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. ... El complemento Kata Plus – Addons for Elementor – Widgets, Extensions and Templates para WordPress es vulnerable a Cross-Site Scripting Almacenado a través de cargas de archivos SVG en todas las versiones hasta la 1.4.7 incluida, debido a una desinfección de entrada y un escape de salida insuficientes. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9438 – SEUR Oficial <= 2.2.11 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-9438
The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'change_service' parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping. ... El complemento SEUR Oficial para WordPress es vulnerable a Cross-Site Scripting Reflejado a través del parámetro 'change_service' en todas las versiones hasta la 2.2.11 incluida, debido a una desinfección de entrada y un escape de salida insuficientes. • source=cve • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 1.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-5532 – A stored XSS vulnerability has been discovered on OpenText™ Operations Agent (OA).
https://notcve.org/view.php?id=CVE-2024-5532
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent. The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system. This issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26. • https://portal.microfocus.com/s/article/KM000035731?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10000 – Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Stored Cross-Site Scripting via Ask a Question Functionality
https://notcve.org/view.php?id=CVE-2024-10000
The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the question's content parameter in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •