CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50577
https://notcve.org/view.php?id=CVE-2024-50577
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50576
https://notcve.org/view.php?id=CVE-2024-50576
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50575
https://notcve.org/view.php?id=CVE-2024-50575
In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10433 – Project Worlds Simple Web-Based Chat Application index.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-10433
The manipulation of the argument Name/Comment leads to cross site scripting. ... Durch Beeinflussen des Arguments Name/Comment mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. • https://github.com/jadu101/CVE/blob/main/project_worlds_simple_web_based_chat_app_index_xss.md https://vuldb.com/? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-10048 – Post Status Notifier Lite and Premium <= 1.11.6 - Reflected Cross-Site Scripting via page
https://notcve.org/view.php?id=CVE-2024-10048
The Post Status Notifier Lite and Premium plugins for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.11.6 due to insufficient input sanitization and output escaping. ... Los complementos Post Status Notifier Lite y Premium para WordPress son vulnerables a ataques de Cross-Site Scripting reflejado a través del parámetro 'page' en todas las versiones hasta la 1.11.6 incluida, debido a una desinfección de entrada y un escape de salida insuficientes. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •