
CVE-2024-53382
https://notcve.org/view.php?id=CVE-2024-53382
03 Mar 2025 — Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements. • https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-53384
https://notcve.org/view.php?id=CVE-2024-53384
03 Mar 2025 — A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components • https://gist.github.com/jackfromeast/36f98bf7542d11835c883c1d175d9b92 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-53386
https://notcve.org/view.php?id=CVE-2024-53386
03 Mar 2025 — Stage.js through 0.8.10 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements. • https://gist.github.com/jackfromeast/31d56f1ad17673aabb6ab541e65a5534 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-53387
https://notcve.org/view.php?id=CVE-2024-53387
03 Mar 2025 — A DOM Clobbering vulnerability in umeditor v1.2.3 allows attackers to execute arbitrary code via supplying a crafted HTML element. • https://gist.github.com/jackfromeast/d52c506113f33b8871d0e647411df894 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-53388
https://notcve.org/view.php?id=CVE-2024-53388
03 Mar 2025 — A DOM Clobbering vulnerability in mavo v0.3.2 allows attackers to execute arbitrary code via supplying a crafted HTML element. • https://gist.github.com/jackfromeast/a61a5429a97985e7ff4c1d39e339d5d8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-55064
https://notcve.org/view.php?id=CVE-2024-55064
03 Mar 2025 — Multiple cross-site scripting (XSS) vulnerabilities in EasyVirt DC NetScope <= 8.6.4 allow remote attackers to inject arbitrary JavaScript or HTML code via the (1) smtp_server, (2) smtp_account, (3) smtp_password, or (4) email_recipients parameter to /smtp/update; the (5) ntp or (6) dns parameter to /proxy/ntp/change; the (7) newVcenterAddress parameter to /process_new_vcenter. • https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2024-55064.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-57240
https://notcve.org/view.php?id=CVE-2024-57240
03 Mar 2025 — A Cross-Site Scripting (XSS) vulnerability in the Rendering Engine component in Apryse WebViewer v11.1 and earlier allows attackers to execute arbitrary code via a crafted PDF file. • https://gist.github.com/devom3/43c328e23ec854090ed555a13541ca94 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-25949
https://notcve.org/view.php?id=CVE-2025-25949
03 Mar 2025 — A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the User ID parameter at /rest/staffResource/update. • https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89636 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-27584
https://notcve.org/view.php?id=CVE-2025-27584
03 Mar 2025 — A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name parameter at /rest/staffResource/update. • https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89636 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-27585
https://notcve.org/view.php?id=CVE-2025-27585
03 Mar 2025 — A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Print Name parameter at /rest/staffResource/update. • https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89636 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')