CVE-2024-9357 – xili-tidy-tags <= 1.12.04 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-9357
The xili-tidy-tags plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.12.04 due to insufficient input sanitization and output escaping. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-11050 – AMTT Hotel Broadband Operation System language.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11050
The manipulation of the argument LangID/LangName/LangEName leads to cross site scripting. ... By manipulating the argument LangID/LangName/LangEName with unknown data, a cross site scripting vulnerability can be exploited. • https://vuldb.com/?ctiid.283793 https://vuldb.com/?id.283793 https://vuldb.com/?submit.432690 https://wiki.shikangsi.com/post/share/ba791f6d-7f63-494f-bd73-827ed7f26e2e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-10265 – Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.30 - Reflected Cross-Site Scripting via add_query_arg Parameter
https://notcve.org/view.php?id=CVE-2024-10265
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.15.30. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-51647 – WordPress Featured Posts Scroll plugin <= 1.25 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51647
Cross-Site Request Forgery (CSRF) vulnerability in Chaser324 Featured Posts Scroll allows Stored XSS. This issue affects Featured Posts Scroll: from n/a through 1.25. • https://patchstack.com/database/vulnerability/featured-posts-scroll/wordpress-featured-posts-scroll-plugin-1-25-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-10837 – SysBasics Customize My Account for WooCommerce <= 2.7.29 - Reflected Cross-Site Scripting via tab Parameter
https://notcve.org/view.php?id=CVE-2024-10837
The SysBasics Customize My Account for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 2.7.29 due to insufficient input sanitization and output escaping. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •