
CVE-2024-9103 – Persistent XSS in blocked messages
https://notcve.org/view.php?id=CVE-2024-9103
24 Mar 2025 — Improper Neutralization of Script in Attributes in a Web Page vulnerability in Forcepoint Email Security (Blocked Messages module) allows Stored XSS. • https://support.forcepoint.com/s/article/Security-Advisory-Email-Security-Gateway-Persistent-XSS-in-Blocked-Messages • CWE-83: Improper Neutralization of Script in Attributes in a Web Page •

CVE-2024-55279
https://notcve.org/view.php?id=CVE-2024-55279
24 Mar 2025 — Uguu through 1.8.9 allows Cross Site Scripting (XSS) via JavaScript in XML files. • https://codeberg.org/zypressen/CVE-2024-55279 •

CVE-2024-12623 – DICOM Support <= 0.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-12623
24 Mar 2025 — The DICOM Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dcm' shortcode in all versions up to, and including, 0.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-13739 – Newsletters <= 4.9.9.7 - Reflected Cross-Site Scripting via To Parameter
https://notcve.org/view.php?id=CVE-2024-13739
21 Mar 2025 — The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the "to" parameter in all versions up to, and including, 4.9.9.7 due to insufficient input sanitization and output escaping. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-50053 – Stored XSS
https://notcve.org/view.php?id=CVE-2024-50053
21 Mar 2025 — Zohocorp ManageEngine ServiceDesk Plus versions below 14920, ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature. • https://www.manageengine.com/products/service-desk/CVE-2024-50053.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-8017 – Cross-site Scripting (XSS) in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-8017
20 Mar 2025 — An XSS vulnerability exists in open-webui/open-webui versions <= 0.3.8, specifically in the function that constructs the HTML for tooltips. • https://huntr.com/bounties/ef06c7c8-1cb2-42a7-a6e6-17b2e1c744f7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-8101 – Stored XSS in aimhubio/aim
https://notcve.org/view.php?id=CVE-2024-8101
20 Mar 2025 — A stored cross-site scripting (XSS) vulnerability exists in the Text Explorer component of aimhubio/aim version 3.23.0. • https://huntr.com/bounties/60cf2b93-a9a2-435e-a222-3d6abde26adb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-8556 – Stored XSS in modelscope/agentscope
https://notcve.org/view.php?id=CVE-2024-8556
20 Mar 2025 — A stored cross-site scripting (XSS) vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. • https://huntr.com/bounties/8439f16b-5256-4466-bb7d-371572572a4b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-7053 – Session Fixation in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-7053
20 Mar 2025 — A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default `SameSite=Lax` and does not have the `Secure` flag enabled, allowing the session cookie to be sent over HTTP to a cross-origin domain. An attacker can exploit this by embedding a malicious markdown image in a chat, which, when viewed by an administrator, sends the admin's session cookie to the attacker's server. Thi... • https://huntr.com/bounties/947f8191-0abf-4adf-b7c4-d4c19683aba2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-8400 – Stored XSS in gaizhenbiao/chuanhuchatgpt
https://notcve.org/view.php?id=CVE-2024-8400
20 Mar 2025 — A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. • https://github.com/gaizhenbiao/chuanhuchatgpt/commit/2cca68e34f029babbe4eaa5a77d220dad68fdd49 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •