CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-51026
https://notcve.org/view.php?id=CVE-2024-51026
The NetAdmin IAM system (version 4.0.30319) has a Cross Site Scripting (XSS) vulnerability in the /BalloonSave.ashx endpoint, where it is possible to inject a malicious payload into the Content= field. • https://github.com/BrotherOfJhonny/CVE-2024-51026_Overview • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-51054
https://notcve.org/view.php?id=CVE-2024-51054
A Cross Site Scriptng (XSS) vulnerability was found in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" POST request parameter. • https://github.com/vkcyberexpert/CVE-Writeup/blob/main/PHPGurukul/Marriage%20Registration/Reflected%20Cross%20Site%20Scriptng%20o.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-51135
https://notcve.org/view.php?id=CVE-2024-51135
An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities. • http://www.powertac.org https://github.com/powertac/powertac-server https://github.com/powertac/powertac-server/issues/1166 https://mvnrepository.com/artifact/org.powertac/server-interface • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-51213
https://notcve.org/view.php?id=CVE-2024-51213
Cross Site Scripting vulnerability in Online Shop Store v.1.0 allows a remote attacker to execute arbitrary code via the login.php component. • https://github.com/Prabhatsk7/CVE/blob/main/CVE-2024-51213 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-50601
https://notcve.org/view.php?id=CVE-2024-50601
Persistent and reflected XSS vulnerabilities in the themeMode cookie and _h URL parameter of Axigen Mail Server up to version 10.5.28 allow attackers to execute arbitrary Javascript. • https://www.axigen.com/knowledgebase/Axigen-WebMail-Persistent-and-Reflected-XSS-Vulnerabilities-CVE-2024-50601-_403.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •