CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-48448
https://notcve.org/view.php?id=CVE-2024-48448
An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into the tracker comments page. • https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-48448 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-48743
https://notcve.org/view.php?id=CVE-2024-48743
Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote attacker to execute arbitrary code via the z parameter. • https://gist.github.com/rvismit/538232c3f258e468195febb69f3f2d3b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10374 – WP-Members <= 3.4.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_loginout Shortcode
https://notcve.org/view.php?id=CVE-2024-10374
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_loginout shortcode in all versions up to, and including, 3.4.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10348 – SourceCodester Best House Rental Management System Manage Tenant Details index.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-10348
The manipulation of the argument Last Name/First Name/Middle Name leads to cross site scripting. ... Durch das Beeinflussen des Arguments Last Name/First Name/Middle Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. • https://github.com/will121351/wenqin.webray.com.cn/blob/main/CVE-project/house-rental-management-system.md https://vuldb.com/? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47883 – Butterfly has path/URL confusion in resource handling leading to multiple weaknesses
https://notcve.org/view.php?id=CVE-2024-47883
An attacker that can lead or redirect a user to a crafted URL belonging to the app could cause arbitrary attacker-controlled JavaScript to be loaded in the victim's browser (cross-site scripting). • https://github.com/OpenRefine/simile-butterfly/commit/537f64bfa72746f8b21d4bda461fad843435319c https://github.com/OpenRefine/simile-butterfly/security/advisories/GHSA-3p8v-w8mr-m3x8 • CWE-36: Absolute Path Traversal CWE-918: Server-Side Request Forgery (SSRF) •