
CVE-2024-37396
https://notcve.org/view.php?id=CVE-2024-37396
10 Jun 2025 — A stored cross-site scripting (XSS) vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Notes' field of a calendar event. • https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/multiple-cross-site-scripting-xss-vulnerabilities-in-redcap-cve-2024-37394-cve-2024-37395-and-cve-2024-37396 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-9993 – Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.1.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Event Calendar Widget
https://notcve.org/view.php?id=CVE-2024-9993
06 Jun 2025 — The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_event_details_text parameter of Event Calendar Widget in all versions up to, and including, 6.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. ... Los complementos Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders para... • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-9994 – Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.1.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Pricing Table Widget
https://notcve.org/view.php?id=CVE-2024-9994
06 Jun 2025 — The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_pricing_item_tooltip_content parameter of the Pricing Table Widget in all versions up to, and including, 6.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. ... Los complementos Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce ... • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-50406 – License Center
https://notcve.org/view.php?id=CVE-2024-50406
06 Jun 2025 — A cross-site scripting (XSS) vulnerability has been reported to affect License Center. ... We have already fixed the vulnerability in the following version: License Center 1.9.49 and later A cross-site scripting (XSS) vulnerability has been reported to affect License Center. • https://www.qnap.com/en/security-advisory/qsa-25-11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-8008 – Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products via JDBC User Store Connection Validation
https://notcve.org/view.php?id=CVE-2024-8008
02 Jun 2025 — A reflected cross-site scripting (XSS) vulnerability exists in multiple [Vendor Name] products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. ... Existe una vulnerabilidad de cross-site-scripting (XSS) reflejado en varios productos [Vendor Name] debido a una codificación de salida insuficiente en los mensajes de error generados por la solicitud de validación de conexión del almacén de usuarios JDBC. ... A refl... • https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-3178 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-3509 – Stored Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products via Rich Text Editor
https://notcve.org/view.php?id=CVE-2024-3509
02 Jun 2025 — A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. • https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-2701 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-57783
https://notcve.org/view.php?id=CVE-2024-57783
02 Jun 2025 — The desktop application in Dot through 0.9.3 allows XSS and resultant command execution because user input and LLM output are appended to the DOM with innerHTML (in render.js), and because the Electron window can access Node.js APIs. La aplicación de escritorio en Dot hasta 0.9.3 permite XSS y la ejecución de comandos resultantes porque la entrada del usuario y la salida LLM se agregan al DOM con innerHTML (en render.js) y porque la ventana Electron puede acceder a las API de Node.js. • https://github.com/EDMPL/Vulnerability-Research/tree/main/CVE-2024-57783 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-40114
https://notcve.org/view.php?id=CVE-2024-40114
02 Jun 2025 — A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious JavaScript code. Una vulnerabilidad de cross-site-scripting (XSS) en Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 y anteriores permite a un atacante manipular la cookie de idioma para inyectar código JavaScript malicioso. • https://github.com/Emm448/vulnerability-research/tree/main/CVE-2024-40114 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-45094 – IBM DS8900F and DS8A00 Hardware Management Console (HMC) cross-site scripting
https://notcve.org/view.php?id=CVE-2024-45094
27 May 2025 — IBM DS8900F and DS8A00 Hardware Management Console (HMC) is vulnerable to stored cross-site scripting. ... IBM DS8900F and DS8A00 Hardware Management Console (HMC) is vulnerable to stored cross-site scripting. • https://www.ibm.com/support/pages/node/7234276 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-47090 – XSS via WYSIWYG editor
https://notcve.org/view.php?id=CVE-2024-47090
27 May 2025 — Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS • https://www.nagvis.org/downloads/changelog/1.9.47 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •