CVE-2024-51735 – Stored Cross-site Scripting to RCE on Osmedeus Web Server
https://notcve.org/view.php?id=CVE-2024-51735
Cross-site Scripting (XSS) occurs on the Osmedeus web server when viewing results from the workflow, allowing commands to be executed on the server. ... However, the file contents are not properly filtered, leading to XSS. • https://github.com/j3ssie/osmedeus/security/advisories/GHSA-wvv7-wm5v-w2gv • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVE-2024-50335 – Authenticated XSS in "Publish Key" Field Allowing Unauthorized Administrator User Creation in SuiteCRM
https://notcve.org/view.php?id=CVE-2024-50335
The "Publish Key" field in SuiteCRM's Edit Profile page is vulnerable to Reflected Cross-Site Scripting (XSS), allowing an attacker to inject malicious JavaScript code. ... • https://github.com/shellkraft/CVE-2024-50335 https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-8rw6-g96j-3w7m • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49377 – Jinja2 Templates are vulnerable to XSS attacks due to their configuration in OctoPrint
https://notcve.org/view.php?id=CVE-2024-49377
OctoPrint versions up to and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog. ... • https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-xvxq-g8hw-fx4g • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVE-2024-10842 – romadebrian WEB-Sekolah Backend Proses_Edit_Akun.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-10842
The manipulation of the argument Username_Baru/Password leads to cross site scripting. ... Manipulating the argument Username_Baru/Password with unknown data can be used to exploit a cross site scripting vulnerability. • https://github.com/2537463005/a/blob/main/WEB-Sekolah%E5%90%8E%E5%8F%B0%E5%AD%98%E5%82%A8%E5%9E%8Bxss.md https://vuldb.com/?ctiid.283088 https://vuldb.com/?id.283088 https://vuldb.com/?submit.429558 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'); CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); CWE-707: Improper Neutralization
CVE-2024-10840 – romadebrian WEB-Sekolah Backend akun_edit.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-10840
The manipulation of the argument kode leads to cross site scripting. ... Manipulating the argument kode with unknown data can be used to exploit a cross site scripting vulnerability. • https://github.com/2537463005/a/blob/main/WEB-Sekolah%E5%90%8E%E5%8F%B0%E5%AD%98%E5%82%A8%E5%9E%8Bxss.md https://vuldb.com/?ctiid.283086 https://vuldb.com/?id.283086 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'); CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); CWE-707: Improper Neutralization