CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10807 – PHPGurukul Hospital Management System search.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-10807
The manipulation of the argument searchdata leads to cross site scripting. ... La manipulación del argumento searchdata conduce a cross site scripting. ... Dank Manipulation des Arguments searchdata mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. • https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Hospital%20Management%20System%20(HMS)%204.0%20-%20(search.php).md https://phpgurukul.com https://vuldb.com/? • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10806 – PHPGurukul Hospital Management System betweendates-detailsreports.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-10806
The manipulation of the argument fromdate/todate leads to cross site scripting. ... La manipulación del argumento fromdate/todate provoca cross site scripting. ... Dank der Manipulation des Arguments fromdate/todate mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. • https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Hospital%20Management%20System%20(HMS)%204.0%20-%20(betweendates-detailsreports.php).md https://phpgurukul.com https://vuldb.com/? • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10715 – MapPress Maps for WordPress <= 2.94.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Map Block
https://notcve.org/view.php?id=CVE-2024-10715
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map block in all versions up to, and including, 2.94.1 due to insufficient input sanitization and output escaping on user supplied attributes. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10647 – WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.9.244 - Reflected Cross-Site Scripting via URL
https://notcve.org/view.php?id=CVE-2024-10647
The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.244. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-48312
https://notcve.org/view.php?id=CVE-2024-48312
WebLaudos v20.8 (118) was discovered to contain a cross-site scripting (XSS) vulnerability via the login page. Se descubrió que WebLaudos v20.8 (118) contenía una vulnerabilidad de Cross Site Scripting (XSS) a través de la página de inicio de sesión. • https://medium.com/%40wagneralves_87750/poc-cve-weblaudos-d1ec40cfc183 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •