CVE-2024-7133 – My Sticky Bar < 2.7.3 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-7133
The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputting them back in the page, which could allow users with a high role to perform Stored Cross-Site Scripting attacks. • https://wpscan.com/vulnerability/c81c1622-33d1-41f2-ba63-f06bd4c125ab
CVE-2024-6850 – Carousel Slider < 2.2.14 - Editor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-6850
The Carousel Slider WordPress plugin before 2.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. • https://wpscan.com/vulnerability/c06995cb-1685-4751-811f-aead52a597a7
CVE-2024-39926
https://notcve.org/view.php?id=CVE-2024-39926
A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin dashboard. • https://github.com/dani-garcia/vaultwarden/blob/1.30.3/src/static/scripts/admin_users.js#L201 https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-44430
https://notcve.org/view.php?id=CVE-2024-44430
SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface. • https://blog.csdn.net/samwbs/article/details/140954482 https://github.com/samwbs/kortexcve/blob/main/xss_register_case/XSS_register_case.md
CVE-2024-44798
https://notcve.org/view.php?id=CVE-2024-44798
phpgurukul Bus Pass Management System 1.0 is vulnerable to Cross-site scripting (XSS) in /admin/pass-bwdates-reports-details.php via fromdate and todate parameters. • https://github.com/shouvikdutta1998/Bus_management • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')