Page 140 of 6185 results (0.034 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-10266 – Premium Addons for Elementor <= 4.10.60 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Video Box Widget

https://notcve.org/view.php?id=CVE-2024-10266

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video Box widget in all versions up to, and including, 4.10.60 due to insufficient input sanitization and output escaping on user supplied attributes. ... El complemento Premium Addons for Elementor para WordPress es vulnerable a Cross-Site Scripting almacenado a través del widget Video Box del complemento en todas las versiones hasta la 4.10.60 incluida, debido a una desinfección de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0

CVE-2024-48195

https://notcve.org/view.php?id=CVE-2024-48195

Cross Site Scripting vulnerability in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter. • https://github.com/cyb3res3c/CVE-2024-48195/blob/main/CVE-2024-48195.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0

CVE-2024-51506

https://notcve.org/view.php?id=CVE-2024-51506

Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description. • https://github.com/r0ck3t1973/xss_payload/issues/8 https://security.tiki.org/Disclose-a-Vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0

CVE-2024-51507

https://notcve.org/view.php?id=CVE-2024-51507

Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name. • https://github.com/r0ck3t1973/xss_payload/issues/9 https://security.tiki.org/Disclose-a-Vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0

CVE-2024-51508

https://notcve.org/view.php?id=CVE-2024-51508

Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index. • https://github.com/r0ck3t1973/xss_payload/issues/9 https://security.tiki.org/Disclose-a-Vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •