
CVE-2024-36697
https://notcve.org/view.php?id=CVE-2024-36697
10 Jul 2025 — A cross-site scripting (XSS) vulnerability in the Admin Login page of Allworx System Software v9.1.9.12 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SessionID parameter at query.asp. • http://allworx.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-7066 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Jirafeau
https://notcve.org/view.php?id=CVE-2025-7066
04 Jul 2025 — Jirafeau normally prevents browser preview for text files due to the possibility that, for example, SVG and HTML documents could be exploited for cross-site scripting. This was done by storing the MIME type of a file and allowing browser preview only for MIME types beginning with image (except for image/svg+xml, see CVE-2022-30110 and CVE-2024-12326), video and audio. ... Browsers see multiple MIME types and text/html would take precedence, allowing a possible attacker to do a ... • id=CVE-2022-30110 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-11937 – Premium Addons for Elementor <= 4.10.69 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-11937
03 Jul 2025 — The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's linkURL in the Mobile Menu element in all versions up to, and including, 4.10.69 due to insufficient input sanitization and output escaping on user supplied attributes. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-9017 – PeepSo Core: Groups <= 6.4.6.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Group Description
https://notcve.org/view.php?id=CVE-2024-9017
02 Jul 2025 — The PeepSo Core: Groups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Group Description field in all versions up to, and including, 6.4.6.0 due to insufficient input sanitization and output escaping. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-5647 – Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library
https://notcve.org/view.php?id=CVE-2024-5647
02 Jul 2025 — Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library (version 1.1.0) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-11405 – WP Front-end login and register <= 2.1.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-11405
01 Jul 2025 — The WP Front-end login and register plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the email and wpmp_reset_password_token parameters in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-12915 – Reflected XSS in Devinim Software's Modified Koha Library Software
https://notcve.org/view.php?id=CVE-2024-12915
30 Jun 2025 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Devinim Software Library Software allows Reflected XSS. This issue affects Library Software: before 24.11.02. • https://www.usom.gov.tr/bildirim/tr-25-0144 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-52900 – IBM Cognos Analytics cross-site scripting
https://notcve.org/view.php?id=CVE-2024-52900
28 Jun 2025 — IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. • https://www.ibm.com/support/pages/node/7238163 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-56915
https://notcve.org/view.php?id=CVE-2024-56915
26 Jun 2025 — Netbox Community v4.1.7 is vulnerable to Cross Site Scripting (XSS) via the RSS feed widget; the issue is fixed in v.4.2.2. • https://github.com/noxlumens/Vulnerability-Research/tree/main/CVE-2024-56915 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-56918
https://notcve.org/view.php?id=CVE-2024-56918
24 Jun 2025 — In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting (XSS), which allows a privileged, authenticated attacker to exfiltrate user input from the login form. • https://github.com/noxlumens/Vulnerability-Research/tree/main/CVE-2024-56918 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •