
CVE-2024-53965 – Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2024-53965
04 Feb 2025 — Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim's browser session. • https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-13722 – Checkmk NagVis Reflected Cross-site Scripting
https://notcve.org/view.php?id=CVE-2024-13722
04 Feb 2025 — The "NagVis" component within Checkmk is vulnerable to reflected cross-site scripting. • https://packetstorm.news/files/id/189008 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-53266 – Cross-site Scripting (XSS) via topic titles when CSP disabled in Discourse
https://notcve.org/view.php?id=CVE-2024-53266
04 Feb 2025 — In affected versions with some combinations of plugins, and with CSP disabled, activity streams in the user's profile page may be vulnerable to XSS. • https://github.com/discourse/discourse/security/advisories/GHSA-hw4j-4hg7-22h2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-56328 – HTMLi(XSS without CSP) via Onebox urls in Discourse
https://notcve.org/view.php?id=CVE-2024-56328
04 Feb 2025 — Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by posting a maliciously crafted onebox url. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. • https://github.com/discourse/discourse/security/advisories/GHSA-j855-mhxj-x6vg • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-40700 – IBM Security Verify Access cross-site scripting
https://notcve.org/view.php?id=CVE-2024-40700
04 Feb 2025 — IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site scripting. • https://www.ibm.com/support/pages/node/7182386 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-11623 – Stored XSS in authentik
https://notcve.org/view.php?id=CVE-2024-11623
04 Feb 2025 — Authentik project is vulnerable to Stored XSS attacks through uploading crafted SVG files that are used as application icons. • https://cert.pl/en/posts/2025/02/CVE-2024-11623 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-13332 – TransFinanz <= 1.0.0 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-13332
04 Feb 2025 — The TransFinanz WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin • https://wpscan.com/vulnerability/35b53a2d-9a8b-49e7-9553-ea09c9c50d66 •

CVE-2024-13331 – WP Dream Carousel <= 1.0.1b - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-13331
04 Feb 2025 — The WP Dream Carousel WordPress plugin through 1.0.1b does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin • https://wpscan.com/vulnerability/6425ccff-2e18-4498-b8b1-d493286efc7b •

CVE-2024-13330 – Justrows Free <= 0.2 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-13330
04 Feb 2025 — The JustRows free WordPress plugin through 0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin • https://wpscan.com/vulnerability/b0360650-8c7a-4e17-8618-b5ef1c71ccbf •

CVE-2024-13329 – Solidres <= 0.9.4 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-13329
04 Feb 2025 — The Solidres WordPress plugin through 0.9.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin • https://wpscan.com/vulnerability/f923e557-dc3c-43b7-9545-9e92751c9783 •