CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52794 – Magnific lightbox susceptible to Cross-site Scripting in Discourse
https://notcve.org/view.php?id=CVE-2024-52794
Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/discourse/discourse/security/advisories/GHSA-m3v4-v2rp-hfm9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11331 – isee-products-extractor <= 2.1.3 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-11331
The استخراج محصولات ووکامرس برای آیسی plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.3. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11878 – Category Post Slider <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-11878
The Category Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'category-post-slider' shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11893 – Spoki – Chat Buttons and WooCommerce Notifications <= 2.15.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-11893
The Spoki – Chat Buttons and WooCommerce Notifications plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spoki_button' shortcode in all versions up to, and including, 2.15.14 due to insufficient input sanitization and output escaping on user supplied attributes. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12506 – NACC WordPress Plugin <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-12506
The NACC WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nacc' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •