CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8528 – ALC WebCTRL Carrier i-Vu Reflected XSS due to unsanitized parameter
https://notcve.org/view.php?id=CVE-2024-8528
19 Nov 2025 — Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized. • https://www.corporate.carrier.com/product-security/advisories-resources • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-44647
https://notcve.org/view.php?id=CVE-2024-44647
17 Nov 2025 — PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via the aremark parameter in manage-tickets.php. • https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44647.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-44655
https://notcve.org/view.php?id=CVE-2024-44655
17 Nov 2025 — PHPGurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) via the search parameter in user-search.php. • https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44655.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-44661
https://notcve.org/view.php?id=CVE-2024-44661
17 Nov 2025 — PHPGurukul Online Shopping Portal 2.0 is vulnerable to Cross Site Scripting (XSS) via the quantity parameter in my-cart.php. • https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44661.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-46334
https://notcve.org/view.php?id=CVE-2024-46334
17 Nov 2025 — kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the formuser and formpassword parameters in /adminLogin.php. • https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-46334.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-46335
https://notcve.org/view.php?id=CVE-2024-46335
17 Nov 2025 — PHPGurukul Complaint Management System 2.0 is vulnerble to Cross Site Scripting (XSS) via the fromdate and todate parameters in between-date-userreport.php. • https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-46335.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-46336
https://notcve.org/view.php?id=CVE-2024-46336
17 Nov 2025 — kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /client_user/feedback.php. • https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-46336.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-42749
https://notcve.org/view.php?id=CVE-2024-42749
14 Nov 2025 — Cross Site Scripting vulnerability in Alto CMS v.1.1.13 allows a local attacker to execute arbitrary code via a crafted script. • https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-42749.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-44635
https://notcve.org/view.php?id=CVE-2024-44635
14 Nov 2025 — PHPGurukul Student Record System 3.20 is vulnerable to Cross Site Scripting (XSS) via adminname and aemailid parameters in /admin-profile.php. • https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44635.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2024-14015 – Studiocart <= 2.9.0 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-14015
03 Nov 2025 — The WordPress eCommerce Plugin WordPress plugin through 2.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin The Studiocart plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping. • https://wpscan.com/vulnerability/1a70927a-e345-4e2f-98da-1235f4482cc0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •