
CVE-2024-9900 – Cross-Site Scripting (XSS) in mudler/localai
https://notcve.org/view.php?id=CVE-2024-9900
20 Mar 2025 — mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) vulnerability in its search functionality. • https://github.com/mudler/localai/commit/a1634b219a4e52813e70ff07e6376a01449c4515 • CWE-115: Misinterpretation of Input

CVE-2024-11824 – Stored XSS in langgenius/dify
https://notcve.org/view.php?id=CVE-2024-11824
20 Mar 2025 — A stored cross-site scripting (XSS) vulnerability exists in langgenius/dify version latest, specifically in the chat log functionality. • https://github.com/langgenius/dify/commit/55edd5047e6fcbc9bb56a4ea055fcce090f3eb5d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-10481 – Cross-Site Request Forgery (CSRF) in comfyanonymous/comfyui
https://notcve.org/view.php?id=CVE-2024-10481
20 Mar 2025 — The lack of CSRF protections on API endpoints like `/upload/image`, `/prompt`, and `/history` leaves users vulnerable to unauthorized actions, which could be combined with other vulnerabilities such as stored-XSS to further compromise user sessions. • https://huntr.com/bounties/f4d5bfb5-6ff1-4356-b81f-f8c01d2e6ded • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2024-7990 – Stored Cross-Site Scripting in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-7990
20 Mar 2025 — A stored cross-site scripting (XSS) vulnerability exists in open-webui/open-webui version 0.3.8. • https://huntr.com/bounties/2256e336-0f67-449e-a82d-7fc57081a21c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-12374 – Stored XSS in automatic1111/stable-diffusion-webui
https://notcve.org/view.php?id=CVE-2024-12374
20 Mar 2025 — A stored cross-site scripting (XSS) vulnerability exists in automatic1111/stable-diffusion-webui version git 82a973c. • https://huntr.com/bounties/3dae386a-f442-4be6-87ef-956606c8a6ac • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-11441 – Stored XSS in Serge in serge-chat/serge
https://notcve.org/view.php?id=CVE-2024-11441
20 Mar 2025 — A stored cross-site scripting (XSS) vulnerability exists in Serge version 0.9.0. • https://huntr.com/bounties/ae76d1ea-21a4-456d-bef2-331aef3ea376 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-48591
https://notcve.org/view.php?id=CVE-2024-48591
20 Mar 2025 — Inflectra SpiraTeam 7.2.00 is vulnerable to Cross Site Scripting (XSS). • https://github.com/GCatt-AS/CVE-2024-48591 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-53967 – Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2024-53967
19 Mar 2025 — Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. • https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-53968 – Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2024-53968
19 Mar 2025 — Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. • https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-53969 – Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2024-53969
19 Mar 2025 — Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. • https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')