CVE-2024-39926
https://notcve.org/view.php?id=CVE-2024-39926
A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin dashboard. • https://github.com/dani-garcia/vaultwarden/blob/1.30.3/src/static/scripts/admin_users.js#L201 https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-44798
https://notcve.org/view.php?id=CVE-2024-44798
phpgurukul Bus Pass Management System 1.0 is vulnerable to Cross-site scripting (XSS) in /admin/pass-bwdates-reports-details.php via fromdate and todate parameters. • https://github.com/shouvikdutta1998/Bus_management • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-8797 – WP Booking System – Booking Calendar <= 2.0.19.8 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-8797
The WP Booking System – Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.19.8. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-44430
https://notcve.org/view.php?id=CVE-2024-44430
SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface. • https://blog.csdn.net/samwbs/article/details/140954482 https://github.com/samwbs/kortexcve/blob/main/xss_register_case/XSS_register_case.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-5789 – Triton Lite <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
https://notcve.org/view.php?id=CVE-2024-5789
The Triton Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the theme's Button shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •