
CVE-2024-9544 – MapSVG - All Kinds of Maps and Store Locator for WordPress <= 8.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-9544
21 May 2025 — The MapSVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 8.6.4 due to insufficient input sanitization and output escaping. • source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-57529
https://notcve.org/view.php?id=CVE-2024-57529
21 May 2025 — Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code. • https://medium.com/@a77777mad/xss-vulnerability-discovered-in-jetplanner-pro-a-popular-flight-planning-solution-2dd48a7f6e72 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-51106
https://notcve.org/view.php?id=CVE-2024-51106
19 May 2025 — A cross-site scripting (XSS) vulnerability in the component mcgs/admin/aboutus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle parameter. • https://github.com/0xBhushan/Writeups/blob/main/CVE/phpGurukul/Medical%20Card%20Generation%20System/Stored%20XSS-About%20Us.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-5878 – Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via SimpleLightbox JavaScript Library
https://notcve.org/view.php?id=CVE-2024-5878
19 May 2025 — Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled SimpleLightbox JavaScript library (version 2.1.5) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-51475 – IBM Content Navigator HTML injection
https://notcve.org/view.php?id=CVE-2024-51475
16 May 2025 — IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. • https://www.ibm.com/support/pages/node/7233695 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVE-2024-9238 – AVIF & SVG Uploader <= 1.1.0 - Author+ Stored XSS via SVG Upload
https://notcve.org/view.php?id=CVE-2024-9238
15 May 2025 — The AVIF Uploader WordPress plugin before 1.1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. • https://wpscan.com/vulnerability/a7de0cf6-3064-4595-9037-f8407fe40724 •

CVE-2024-56157 – iTop vulnerable to Self XSS in CSV Import
https://notcve.org/view.php?id=CVE-2024-56157
14 May 2025 — Prior to versions 3.1.3 and 3.2.1, by placing malicious code in CSV content, a cross-site scripting attack can be performed when that content is imported. • https://github.com/Combodo/iTop/security/advisories/GHSA-6p48-74j9-977j • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-10865 – Reflected Cross-Site Scripting vulnerability in OpenText Advanced Authentication
https://notcve.org/view.php?id=CVE-2024-10865
14 May 2025 — Improper Input validation leads to XSS or Cross-site Scripting vulnerability in OpenText Advanced Authentication. • https://www.netiq.com/documentation/advanced-authentication-65/advanced-authentication-releasenotes-6.5/data/advanced-authentication-releasenotes-6.5.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-52290 – Stored XSS in Configuration Key Functionality
https://notcve.org/view.php?id=CVE-2024-52290
14 May 2025 — Prior to version 2.1.0, a user with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the Connection Configuration key `Name` (`confKey`) parameter. • https://github.com/lf-edge/ekuiper/security/advisories/GHSA-9cwv-pxcr-hfjc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-54779
https://notcve.org/view.php?id=CVE-2024-54779
14 May 2025 — Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to Cross Site Scripting (XSS) in widgets/log.widget.php. • https://blog.brillantit.com/exploiting-pfsense-xss-command-injection-cloud-hijack • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •