
CVE-2024-51475 – IBM Content Navigator HTML injection
https://notcve.org/view.php?id=CVE-2024-51475
16 May 2025 — IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 are vulnerable to HTML injection. • https://www.ibm.com/support/pages/node/7233695 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVE-2024-9238 – AVIF & SVG Uploader <= 1.1.0 - Author+ Stored XSS via SVG Upload
https://notcve.org/view.php?id=CVE-2024-9238
15 May 2025 — The AVIF Uploader WordPress plugin before 1.1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. • https://wpscan.com/vulnerability/a7de0cf6-3064-4595-9037-f8407fe40724 •

CVE-2024-56157 – iTop vulnerable to Self XSS in CSV Import
https://notcve.org/view.php?id=CVE-2024-56157
14 May 2025 — Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can be performed when importing this content. • https://github.com/Combodo/iTop/security/advisories/GHSA-6p48-74j9-977j • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-10865 – Reflected Cross-Site Scripting vulnerability in OpenText Advanced Authentication
https://notcve.org/view.php?id=CVE-2024-10865
14 May 2025 — Improper input validation leads to a cross-site scripting (XSS) vulnerability in OpenText Advanced Authentication. • https://www.netiq.com/documentation/advanced-authentication-65/advanced-authentication-releasenotes-6.5/data/advanced-authentication-releasenotes-6.5.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-52290 – Stored XSS in Configuration Key Functionality
https://notcve.org/view.php?id=CVE-2024-52290
14 May 2025 — Prior to version 2.1.0, a user with rights to modify the service (e.g. the kuiperUser role) can inject a cross-site scripting payload into the Connection Configuration key `Name` (`confKey`) parameter. • https://github.com/lf-edge/ekuiper/security/advisories/GHSA-9cwv-pxcr-hfjc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-54780
https://notcve.org/view.php?id=CVE-2024-54780
14 May 2025 — Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting arbitrary OpenVPN management commands via the remipp parameter. • https://blog.brillantit.com/exploiting-pfsense-xss-command-injection-cloud-hijack • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-45516
https://notcve.org/view.php?id=CVE-2024-45516
14 May 2025 — A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the victim's session, potentially leading to unauthorized access to sensitive information. • https://wiki.zimbra.com/wiki/Security_Center • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-54779
https://notcve.org/view.php?id=CVE-2024-54779
14 May 2025 — Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to Cross-Site Scripting (XSS) in widgets/log.widget.php. • https://blog.brillantit.com/exploiting-pfsense-xss-command-injection-cloud-hijack • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-57273
https://notcve.org/view.php?id=CVE-2024-57273
14 May 2025 — Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to Cross-Site Scripting (XSS) in the Automatic Configuration Backup (ACB) service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized "reason" field and a derivable device key generated from the public SSH key. • https://blog.brillantit.com/exploiting-pfsense-xss-command-injection-cloud-hijack • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-4648 – A user with elevated privileges can inject XSS by altering the content of an SVG media during the submit request.
https://notcve.org/view.php?id=CVE-2025-4648
13 May 2025 — Download of Code Without Integrity Check vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can inject XSS by altering the content of an SVG media during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29. • https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55575-centreon-web-high-severity-4434 • CWE-494: Download of Code Without Integrity Check •