CVE-2024-7982 – Registrations for The Events Calendar < 2.12.4 - Unauthenticated Stored XSS
https://notcve.org/view.php?id=CVE-2024-7982
The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to perform Cross-Site Scripting attacks. • https://wpscan.com/vulnerability/d79e1e9c-980d-4974-bfbd-d87d6e28d9a6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10683 – Contact Form 7 - PayPal & Stripe Add-on <= 2.3.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-10683
The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3.1. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10876 – Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.3 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-10876
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.8.3. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51031
https://notcve.org/view.php?id=CVE-2024-51031
A Cross-site Scripting (XSS) vulnerability in manage_account.php in Sourcecodester Cab Management System 1.0 allows remote authenticated users to inject arbitrary web scripts via the "First Name," "Middle Name," and "Last Name" fields. • https://github.com/vighneshnair7/CVE-2024-51031 • https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html
CVE-2024-51032
https://notcve.org/view.php?id=CVE-2024-51032
A Cross-site Scripting (XSS) vulnerability in manage_recipient.php of Sourcecodester Toll Tax Management System 1.0 allows remote authenticated users to inject arbitrary web scripts via the "owner" input field. • https://github.com/Shree-Chandragiri/CVE-2024-51032 • https://www.sourcecodester.com/php/15304/toll-tax-management-system-phpoop-free-source-code.html