CVE-2024-11196 – Multi-column Tag Map <= 17.0.33 - Authenticated (Contributor+) Stored Cross-Site Scripting via mctagmap Shortcode
https://notcve.org/view.php?id=CVE-2024-11196
The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mctagmap shortcode in all versions up to, and including, 17.0.33 due to insufficient input sanitization and output escaping on user-supplied attributes. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-11682 – G Web Pro Store Locator <= 2.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-11682
The G Web Pro Store Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'q' parameter in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-12841 – Emlog Pro tag.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-12841
The manipulation of the argument keyword leads to cross site scripting. ... By manipulating the argument keyword with unknown data, a cross-site scripting vulnerability can be exploited. • https://github.com/emlog/emlog/issues/305 https://vuldb.com/?ctiid.289077 https://vuldb.com/?id.289077 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-10385 – Stored XSS in DirectAdmin Evo Skin
https://notcve.org/view.php?id=CVE-2024-10385
Ticket management system in DirectAdmin Evolution Skin is vulnerable to XSS (Cross-site Scripting), which allows a low-privileged user to inject and store malicious JavaScript code. If an admin views the ticket, the script might perform actions with their privileges, including command execution. This issue has been fixed in version 1.668 of DirectAdmin Evolution Skin. • https://cert.pl/en/posts/2024/12/CVE-2024-10385 https://www.directadmin.com/evolution.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56355
https://notcve.org/view.php?id=CVE-2024-56355
In JetBrains TeamCity before 2024.12, a missing Content-Type header in the RemoteBuildLogController response could lead to XSS. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')