CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-20511 – Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2024-20511
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-SVCkMMW • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-20504 – Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Stored Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2024-20504
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-xss-zYm3f49n • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-20487 – Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabiliy
https://notcve.org/view.php?id=CVE-2024-20487
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vulns-AF544ED5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-35146 – IBM Maximo Application Suite cross-site scripting
https://notcve.org/view.php?id=CVE-2024-35146
IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. • https://www.ibm.com/support/pages/node/7174946 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9934 – Wp-ImageZoom <= 1.1.0 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-9934
The Wp-ImageZoom WordPress plugin through 1.1.0 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin • https://wpscan.com/vulnerability/53e640a7-833e-40de-93d4-acea28aff5a5 •