CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-50599
https://notcve.org/view.php?id=CVE-2024-50599
A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Zimbra Collaboration Suite (ZCS) 8.8.15, affecting one of the webmail calendar endpoints. • https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-36064
https://notcve.org/view.php?id=CVE-2024-36064
The NLL com.nll.cb (aka ACR Phone) application through 0.330-playStore-NoAccessibility-arm8 for Android allows any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.nll.cb.dialer.dialer.DialerActivity component. • https://github.com/actuator/com.nll.cb/blob/main/CVE-2024-36064 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8442 – Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider <= 3.15.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blog Widget
https://notcve.org/view.php?id=CVE-2024-8442
The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Blog widget in all versions up to, and including, 3.15.18 due to insufficient input sanitization and output escaping on user supplied attributes. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2024-10928 – MonoCMS Posts Page opensaved.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-10928
The manipulation of the argument filtcategory/filtstatus leads to cross site scripting. ... Dank der Manipulation des Arguments filtcategory/filtstatus mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. • https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20MonoCMS%2023-20240528%20-%20(opensaved.php).md https://vuldb.com/? • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2024-10927 – MonoCMS Account Information Page account.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-10927
The manipulation of the argument userid leads to cross site scripting. ... Durch Beeinflussen des Arguments userid mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. • https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20MonoCMS%2023-20240528%20-%20(account.php).md https://vuldb.com/? • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •