CVE-2024-12127 – Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS <= 0.0.21 - Reflected Cross-Site Scripting via page Parameter
https://notcve.org/view.php?id=CVE-2024-12127
The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 0.0.21 due to insufficient input sanitization and output escaping. • source=cve • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2024-12024 – EventPrime – Events Calendar, Bookings and Tickets <= 4.0.5.3 - Unauthenticated Stored Cross-Site Scripting via Ticket Category and Ticket Type Name
https://notcve.org/view.php?id=CVE-2024-12024
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in all versions up to, and including, 4.0.5.3 due to insufficient input sanitization and output escaping. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-12665 – ruifang-tech Rebuild Task Comment Attachment Upload cross site scripting
https://notcve.org/view.php?id=CVE-2024-12665
The manipulation leads to cross site scripting. ... A cross site scripting vulnerability can be exploited through manipulation with unknown data. • https://github.com/cydtseng/Vulnerability-Research/blob/main/rebuild/StoredXSS-TaskCommentAttachments.md https://vuldb.com/?ctiid.288534 https://vuldb.com/?id.288534 https://vuldb.com/?submit.458623 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-12664 – ruifang-tech Rebuild Project Task Comment cross site scripting
https://notcve.org/view.php?id=CVE-2024-12664
The manipulation leads to cross site scripting. ... A cross site scripting vulnerability can be exploited through manipulation with unknown data. • https://github.com/cydtseng/Vulnerability-Research/blob/main/rebuild/StoredXSS-TaskComments.md https://vuldb.com/?ctiid.288533 https://vuldb.com/?id.288533 https://vuldb.com/?submit.458622 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-12220 – SMS for WooCommerce <= 2.8.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-12220
The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • source=cve • CWE-352: Cross-Site Request Forgery (CSRF) •