CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-50406 – License Center
https://notcve.org/view.php?id=CVE-2024-50406
06 Jun 2025 — A cross-site scripting (XSS) vulnerability has been reported to affect License Center. ... We have already fixed the vulnerability in the following version: License Center 1.9.49 and later A cross-site scripting (XSS) vulnerability has been reported to affect License Center. • https://www.qnap.com/en/security-advisory/qsa-25-11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.2EPSS: 0%CPEs: 26EXPL: 0CVE-2024-8008 – Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products via JDBC User Store Connection Validation
https://notcve.org/view.php?id=CVE-2024-8008
02 Jun 2025 — A reflected cross-site scripting (XSS) vulnerability exists in multiple [Vendor Name] products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. ... Existe una vulnerabilidad de cross-site-scripting (XSS) reflejado en varios productos [Vendor Name] debido a una codificación de salida insuficiente en los mensajes de error generados por la solicitud de validación de conexión del almacén de usuarios JDBC. ... A refl... • https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-3178 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 0CVE-2024-3509 – Stored Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products via Rich Text Editor
https://notcve.org/view.php?id=CVE-2024-3509
02 Jun 2025 — A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. • https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-2701 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-57783
https://notcve.org/view.php?id=CVE-2024-57783
02 Jun 2025 — The desktop application in Dot through 0.9.3 allows XSS and resultant command execution because user input and LLM output are appended to the DOM with innerHTML (in render.js), and because the Electron window can access Node.js APIs. La aplicación de escritorio en Dot hasta 0.9.3 permite XSS y la ejecución de comandos resultantes porque la entrada del usuario y la salida LLM se agregan al DOM con innerHTML (en render.js) y porque la ventana Electron puede acceder a las API de Node.js. • https://github.com/EDMPL/Vulnerability-Research/tree/main/CVE-2024-57783 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40114
https://notcve.org/view.php?id=CVE-2024-40114
02 Jun 2025 — A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious JavaScript code. Una vulnerabilidad de cross-site-scripting (XSS) en Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 y anteriores permite a un atacante manipular la cookie de idioma para inyectar código JavaScript malicioso. • https://github.com/Emm448/vulnerability-research/tree/main/CVE-2024-40114 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-45094 – IBM DS8900F and DS8A00 Hardware Management Console (HMC) cross-site scripting
https://notcve.org/view.php?id=CVE-2024-45094
27 May 2025 — IBM DS8900F and DS8A00 Hardware Management Console (HMC) is vulnerable to stored cross-site scripting. ... IBM DS8900F and DS8A00 Hardware Management Console (HMC) is vulnerable to stored cross-site scripting. • https://www.ibm.com/support/pages/node/7234276 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47090 – XSS via WYSIWYG editor
https://notcve.org/view.php?id=CVE-2024-47090
27 May 2025 — Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS • https://www.nagvis.org/downloads/changelog/1.9.47 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13427 – Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Link
https://notcve.org/view.php?id=CVE-2024-13427
23 May 2025 — The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48702
https://notcve.org/view.php?id=CVE-2024-48702
23 May 2025 — PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata parameter. • https://github.com/0xBhushan/Writeups/blob/main/CVE/phpGurukul/Medical%20Card%20Generation%20System/HTML%20Injection%28pagedes%29.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48704
https://notcve.org/view.php?id=CVE-2024-48704
23 May 2025 — Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.php via the parameter pagedes. • https://github.com/0xBhushan/Writeups/blob/main/CVE/phpGurukul/Medical%20Card%20Generation%20System/HTML%20Injection%28pagedes%29.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •