CVSS: 8.2 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. • https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a6403d69c0868e1eb1040f98b731 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload malicious knowledge files to the knowledge base, which can trigger XSS attacks during user chats. • https://huntr.com/bounties/cf75f024-3d64-416d-adfe-c4255d7c3f34 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.0 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. • https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a6403d69c0868e1eb1040f98b731 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.5 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — The uploaded file can contain malicious scripts, leading to stored Cross-Site Scripting (XSS) attacks. Through stored XSS, an attacker can steal information about the victim and perform any action on their behalf. • https://huntr.com/bounties/45270c4b-a500-4374-a90b-37b604a3ace0 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.4 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A Cross-Site Request Forgery (CSRF) vulnerability in haotian-liu/llava v1.2.0 (LLaVA-1.6) allows an attacker to upload files with malicious content without authentication or user interaction. The uploaded file is stored in a predictable path, enabling the attacker to execute arbitrary JavaScript code in the context of the victim's browser by visiting the crafted file URL. This can lead to theft of sensitive information, session hijacking, or other actions compromising the security and privacy of the victim. • https://huntr.com/bounties/15b18b85-5a6b-43e7-bc65-6b4772871e98 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.8 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A Stored Cross-Site Scripting (XSS) vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. • https://huntr.com/bounties/c25a885c-d6e2-4169-9ee8-4d33bcbb5ef6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.8 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A stored cross-site scripting (XSS) vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, affecting version git 20b2e02. • https://huntr.com/bounties/a2972c51-4780-4f60-afbf-a7a8ee4066ea • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 3.3 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A stored cross-site scripting (XSS) vulnerability exists in phpipam version 1.5.2, specifically in the circuits options functionality. • https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a6403d69c0868e1eb1040f98b731 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — This vulnerability can lead to cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, data integrity compromise, security bypass, information leakage, and business logic abuse. • https://huntr.com/bounties/1b4f8f38-39da-44b6-9f98-f618639d0dd7 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSS: 9.4 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A stored cross-site scripting (XSS) vulnerability exists in flatpressblog/flatpress version 1.3. • https://github.com/flatpressblog/flatpress/commit/3c9cc69364a45fd3f92d4bd606344b5dd1205d6a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')