CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38380 – Millbeck Communications Proroute H685t-w Cross-site Scripting.
https://notcve.org/view.php?id=CVE-2024-38380
This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-261-02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38860 – Reflected links in error message facilitate phishing attacks
https://notcve.org/view.php?id=CVE-2024-38860
Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks. • https://checkmk.com/werk/17094 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-7873 – Stored XSS in Veribilim Software's Veribase Order Management
https://notcve.org/view.php?id=CVE-2024-7873
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, CWE - 83 Improper Neutralization of Script in Attributes in a Web Page vulnerability in Veribilim Software Veribase Order allows Stored XSS, Cross-Site Scripting (XSS), Exploit Script-Based APIs, XSS Through HTTP Headers.This issue affects Veribase Order: before v4.010.3. • https://www.usom.gov.tr/bildirim/tr-24-1485 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-116: Improper Encoding or Escaping of Output •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-8092 – Accordion Image Menu <= 3.1.3 - Stored XSS via CSRF
https://notcve.org/view.php?id=CVE-2024-8092
The Accordion Image Menu WordPress plugin through 3.1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. • https://wpscan.com/vulnerability/d5a91ceb-8a92-4f99-b7b7-1c4e0a587022 •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5170 – Logo Manager For Enamad <= 0.7.1 - Admin+ Stored XSS via Widget
https://notcve.org/view.php?id=CVE-2024-5170
The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) • https://wpscan.com/vulnerability/37b5ed06-0633-49e0-b47d-8aa2f4510179 •