
CVE-2024-45094 – IBM DS8900F and DS8A00 Hardware Management Console (HMC) cross-site scripting
https://notcve.org/view.php?id=CVE-2024-45094
27 May 2025 — IBM DS8900F and DS8A00 Hardware Management Console (HMC) is vulnerable to stored cross-site scripting. ... IBM DS8900F and DS8A00 Hardware Management Console (HMC) is vulnerable to stored cross-site scripting. • https://www.ibm.com/support/pages/node/7234276 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-47090 – XSS via WYSIWYG editor
https://notcve.org/view.php?id=CVE-2024-47090
27 May 2025 — Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS • https://www.nagvis.org/downloads/changelog/1.9.47 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-51107
https://notcve.org/view.php?id=CVE-2024-51107
23 May 2025 — Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle, pagedes, and email parameters. • https://github.com/0xBhushan/Writeups/blob/main/CVE/phpGurukul/Medical%20Card%20Generation%20System/Stored%20XSS-Contact%20Us.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-51108
https://notcve.org/view.php?id=CVE-2024-51108
23 May 2025 — Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fromdate and todate parameters. • https://github.com/0xBhushan/Writeups/blob/main/CVE/phpGurukul/Medical%20Card%20Generation%20System/Stored%20XSS-Between%20Dates%20Reports.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-13427 – Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Link
https://notcve.org/view.php?id=CVE-2024-13427
23 May 2025 — The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-48702
https://notcve.org/view.php?id=CVE-2024-48702
23 May 2025 — PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata parameter. • https://github.com/0xBhushan/Writeups/blob/main/CVE/phpGurukul/Medical%20Card%20Generation%20System/HTML%20Injection%28pagedes%29.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-51099
https://notcve.org/view.php?id=CVE-2024-51099
23 May 2025 — A reflected cross-site scripting (XSS) vulnerability in the component mcgs/download-medical-cards.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the searchdata parameter. • https://github.com/0xBhushan/Writeups/blob/main/CVE/phpGurukul/Medical%20Card%20Generation%20System/Reflected%20Cross-Site%20Scripting%20%28XSS%29-medical%20card%20details%20search.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-48704
https://notcve.org/view.php?id=CVE-2024-48704
23 May 2025 — Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.php via the parameter pagedes. • https://github.com/0xBhushan/Writeups/blob/main/CVE/phpGurukul/Medical%20Card%20Generation%20System/HTML%20Injection%28pagedes%29.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-5962 – Reflected Cross-Site Scripting (XSS) in Authentication Endpoint of Multiple WSO2 Products Due to Missing Output Encoding
https://notcve.org/view.php?id=CVE-2024-5962
22 May 2025 — A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. • https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3443 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-7103 – Reflected Cross-Site Scripting (XSS) in WSO2 Identity Server 7.0.0 Sub-Organization Login Flow
https://notcve.org/view.php?id=CVE-2024-7103
22 May 2025 — A reflected cross-site scripting (XSS) vulnerability exists in the sub-organization login flow of WSO2 Identity Server 7.0.0 due to improper input validation. • https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3425 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •