CVE-2024-51379
https://notcve.org/view.php?id=CVE-2024-51379
Stored Cross-Site Scripting (XSS) vulnerability discovered in JATOS v3.9.3. ... • https://hacking-notes.medium.com/cve-2024-51379-jatos-v3-9-3-stored-xss-description-component-de49d0077a96 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51380
https://notcve.org/view.php?id=CVE-2024-51380
Stored Cross-Site Scripting (XSS) vulnerability discovered in the Properties Component of JATOS v3.9.3. ... • https://hacking-notes.medium.com/cve-2024-51380-jatos-v3-9-3-stored-xss-properties-component-44aea338ee9c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-31448 – Cross-site Scripting vulnerability in link CSV import in Combodo iTop
https://notcve.org/view.php?id=CVE-2024-31448
By placing malicious code in CSV content, a Cross-site Scripting (XSS) attack can be performed when this content is imported. ... • https://github.com/Combodo/iTop/security/advisories/GHSA-776w-x6v7-vfwf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-50346 – WebFeed HTML injection vulnerabilities
https://notcve.org/view.php?id=CVE-2024-50346
Multiple HTML injection vulnerabilities in WebFeed can lead to CSRF and UI spoofing attacks. • https://github.com/taoso/webfeed/commit/a2d1c1c3a98f30e0bd7a1bbcb746fae484985e6d https://github.com/taoso/webfeed/security/advisories/GHSA-mrc7-2q3w-48j8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51498 – [@imput/cobalt-web] Cross-site Scripting when downloading picker image from malicious instance
https://notcve.org/view.php?id=CVE-2024-51498
A malicious cobalt instance could serve links with the `javascript:` protocol, resulting in Cross-site Scripting (XSS) when the user tries to download an item from a picker. ... • https://github.com/imputnet/cobalt/commit/66bac03e3078e4e781d2d3903c05ad66a883a354 https://github.com/imputnet/cobalt/commit/97977efabd92375f270d1818f38de3b0682c2f19 https://github.com/imputnet/cobalt/commit/c4be1d3a37b0deb6b6087ec7a815262ac942daf1 https://github.com/imputnet/cobalt/security/advisories/GHSA-cm4c-v4cm-3735 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')