CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9178 – XT Floating Cart for WooCommerce <= 2.8.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
https://notcve.org/view.php?id=CVE-2024-9178
The XT Floating Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. ... El complemento XT Floating Cart para WooCommerce para WordPress es vulnerable a Cross-Site Scripting almacenado a través de cargas de archivos SVG en todas las versiones hasta la 2.8.2 incluida, debido a una desinfección de entrada y un escape de salida insuficientes. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9878 – Photo Gallery by 10Web <= 1.8.30 - Authenticated (Administrator+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-9878
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to insufficient input sanitization and output escaping. ... El complemento Photo Gallery de 10Web – Mobile-Friendly Image Gallery para WordPress es vulnerable a Cross-Site Scripting almacenado a través de la configuración de administrador en todas las versiones hasta la 1.8.30 incluida, debido a una desinfección de entrada y un escape de salida insuficientes. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9667 – Seriously Simple Podcasting <= 3.5.0 - Reflected Cross-Site Scripting via add_query_arg Parameter
https://notcve.org/view.php?id=CVE-2024-9667
The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.5.0. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9443 – Basticom Framework <= 1.5.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
https://notcve.org/view.php?id=CVE-2024-9443
The Basticom Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10768 – PHPGurukul Online Shopping Portal two_tables.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-10768
The manipulation of the argument scripts leads to cross site scripting. ... Mit der Manipulation des Arguments scripts mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. • https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Online%20Shopping%20Portal%202.0%20-%20(two_tables.php).md https://phpgurukul.com https://vuldb.com/? • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •