CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-48654
https://notcve.org/view.php?id=CVE-2024-48654
Cross Site Scripting vulnerability in Blood Bank v.1 allows a remote attacker to execute arbitrary code via a crafted script to the login.php component. • https://github.com/Prabhatsk7/CVE/blob/main/CVE-2024-48654 https://github.com/Prabhatsk7/CVE/commit/d735e4f0bab7267608098284f51b602ead429b27 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-48228
https://notcve.org/view.php?id=CVE-2024-48228
The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS). • https://github.com/funadmin/funadmin/issues/31 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48233
https://notcve.org/view.php?id=CVE-2024-48233
mipjz 5.0.5 is vulnerable to Cross Site Scripting (XSS) in \app\setting\controller\ApiAdminSetting.php via the ICP parameter. • https://github.com/sansanyun/mipjz/issues/16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48239
https://notcve.org/view.php?id=CVE-2024-48239
In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS). • https://github.com/taosir/wtcms/issues/16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-48396
https://notcve.org/view.php?id=CVE-2024-48396
AIML Chatbot 1.0 (fixed in 2.0) is vulnerable to Cross Site Scripting (XSS). • https://github.com/sohelamin/chatbot https://jacobmasse.medium.com/reflected-xss-in-popular-ai-chatbot-application-79de74ea0cc8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •