
CVE-2024-10721 – Store XSS in phpipam/phpipam
https://notcve.org/view.php?id=CVE-2024-10721
20 Mar 2025 — A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. • https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a6403d69c0868e1eb1040f98b731 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-12871 – Stored Cross-site Scripting (XSS) in infiniflow/ragflow
https://notcve.org/view.php?id=CVE-2024-12871
20 Mar 2025 — An XSS vulnerability in infiniflow/ragflow version 0.12.0 allows an attacker to upload a malicious PDF file to the knowledge base. • https://huntr.com/bounties/7903945c-2839-4dd5-9d40-9ef47fe53118 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-9901 – Storage XSS and CSRF Vulnerability in mudler/localai
https://notcve.org/view.php?id=CVE-2024-9901
20 Mar 2025 — LocalAI version v2.19.4 (af0545834fd565ab56af0b9348550ca9c3cb5349) contains a vulnerability where the delete model API improperly neutralizes input during web page generation, leading to a one-time storage cross-site scripting (XSS) vulnerability. • https://github.com/mudler/localai/commit/a1634b219a4e52813e70ff07e6376a01449c4515 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-10727 – Cross-Site Scripting (XSS) in phpipam/phpipam
https://notcve.org/view.php?id=CVE-2024-10727
20 Mar 2025 — A reflected cross-site scripting (XSS) vulnerability exists in phpipam/phpipam versions 1.5.0 through 1.6.0. • https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a6403d69c0868e1eb1040f98b731 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-11850 – Stored XSS in langgenius/dify
https://notcve.org/view.php?id=CVE-2024-11850
20 Mar 2025 — A stored cross-site scripting (XSS) vulnerability exists in the latest version of langgenius/dify. • https://huntr.com/bounties/893da115-028d-4718-b586-a2b77897a470 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-0640 – Stored XSS in chatwoot/chatwoot
https://notcve.org/view.php?id=CVE-2024-0640
20 Mar 2025 — A stored cross-site scripting (XSS) vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. • https://github.com/chatwoot/chatwoot/commit/e39c14460b860d5e3d23d989dd6af48404ad1bb4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-12870 – Stored Cross-site Scripting (XSS) in infiniflow/ragflow
https://notcve.org/view.php?id=CVE-2024-12870
20 Mar 2025 — A stored cross-site scripting (XSS) vulnerability exists in infiniflow/ragflow, affecting the latest commit on the main branch (cec2080). • https://huntr.com/bounties/d6b497d2-5c95-4abc-8033-04b8068fed65 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-6986 – Cross-site Scripting (XSS) in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-6986
20 Mar 2025 — A Cross-site Scripting (XSS) vulnerability exists in the Settings page of parisneo/lollms-webui version 9.8. • https://huntr.com/bounties/83e9bde1-40b2-49e9-be1c-bc1498eb8ebd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-10720 – Stored Cross-site Scripting (XSS) in phpipam/phpipam
https://notcve.org/view.php?id=CVE-2024-10720
20 Mar 2025 — A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. • https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a6403d69c0868e1eb1040f98b731 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-8027 – Stored Cross-Site Scripting (XSS) in netease-youdao/QAnything
https://notcve.org/view.php?id=CVE-2024-8027
20 Mar 2025 — A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload malicious knowledge files to the knowledge base, which can trigger XSS attacks during user chats. • https://huntr.com/bounties/cf75f024-3d64-416d-adfe-c4255d7c3f34 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')