CVSS: 4.6EPSS: %CPEs: 1EXPL: 0CVE-2024-56352
https://notcve.org/view.php?id=CVE-2024-56352
In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: %CPEs: 1EXPL: 0CVE-2024-11811 – Feedify – Web Push Notifications <= 2.4.2 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-11811
The Feedify – Web Push Notifications plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'platform', 'phone', 'email', and 'store_url' parameters. in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.7EPSS: %CPEs: 1EXPL: 1CVE-2024-8968 – MaxButtons < 9.8.1 - Admin+ Stored XSS via Text Color
https://notcve.org/view.php?id=CVE-2024-8968
The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/cab4d23e-e857-4b2f-b1ca-fbafd37524e0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: %CPEs: 1EXPL: 1CVE-2024-11108 – Serious Slider < 1.2.7 - Contributor+ Stored XSS via Shortcode
https://notcve.org/view.php?id=CVE-2024-11108
The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. • https://wpscan.com/vulnerability/7790af9d-621b-474c-b28c-c774e2a292bb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: %CPEs: 1EXPL: 1CVE-2024-10706 – Download Manager < 3.3.03 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-10706
The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/01193420-9a4c-4961-93b6-aa2e37e36be1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •