
CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — This can lead to a Cross-Site Scripting (XSS) attack if the uploaded file is accessed by other users. • https://github.com/flatpressblog/flatpress/commit/f364391085334a7eae02aa2320edd6de7466ec85 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.0 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2, specifically in the Subnet NAT translations section when editing the Destination address. • https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a6403d69c0868e1eb1040f98b731 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.0 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. • https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a6403d69c0868e1eb1040f98b731 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — An XSS vulnerability was discovered in the upload file(s) process of imartinez/privategpt v0.5.0. • https://huntr.com/bounties/5941dc63-a4db-4b04-8007-bcaa828106d0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.0 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. • https://github.com/phpipam/phpipam/commit/c1697bb6c4e4a6403d69c0868e1eb1040f98b731 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) vulnerability in its search functionality. • https://github.com/mudler/localai/commit/a1634b219a4e52813e70ff07e6376a01449c4515 • CWE-115: Misinterpretation of Input

CVSS: 5.8 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A stored cross-site scripting (XSS) vulnerability exists in langgenius/dify version latest, specifically in the chat log functionality. • https://github.com/langgenius/dify/commit/55edd5047e6fcbc9bb56a4ea055fcce090f3eb5d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — The lack of CSRF protections on API endpoints like `/upload/image`, `/prompt`, and `/history` leaves users vulnerable to unauthorized actions, which could be combined with other vulnerabilities such as stored-XSS to further compromise user sessions. • https://huntr.com/bounties/f4d5bfb5-6ff1-4356-b81f-f8c01d2e6ded • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.4 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A stored cross-site scripting (XSS) vulnerability exists in open-webui/open-webui version 0.3.8. • https://huntr.com/bounties/2256e336-0f67-449e-a82d-7fc57081a21c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A stored cross-site scripting (XSS) vulnerability exists in automatic1111/stable-diffusion-webui version git 82a973c. • https://huntr.com/bounties/3dae386a-f442-4be6-87ef-956606c8a6ac • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')