CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53970 – Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2024-53970
19 Mar 2025 — Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. • https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-55009
https://notcve.org/view.php?id=CVE-2024-55009
19 Mar 2025 — A reflected cross-site scripting (XSS) vulnerability in AutoBib - Bibliographic collection management system 3.1.140 and earlier allows attackers to execute arbitrary Javascript in the context of a victim's browser via injecting a crafted payload into the WCE=topFrame&WCU= parameter. • https://medium.com/@r3dd1t/poc-cve-0b3ad0535631 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51624 – WordPress Já-Já Pagamentos for WooCommerce plugin <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51624
17 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jajapagamentos Já-Já Pagamentos for WooCommerce allows Reflected XSS. ... The Já-Já Pagamentos for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. • https://patchstack.com/database/wordpress/plugin/wc-ja-ja-pagamentos-multicaixa-express/vulnerability/wordpress-ja-ja-pagamentos-for-woocommerce-plugin-1-3-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12020 – Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2024-12020
14 Mar 2025 — There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. ... Stealing the session cookie is not possible due to cookie security flags, however the XSS may be used to induce a victim to perform on-site requests without their knowledge. Stealing the session cookie is not possible due to cookie security flags, however the ... • https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13497 – WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.9 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-13497
14 Mar 2025 — The WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via attachment uploads in all versions up to, and including, 8.0.9 due to insufficient input sanitization and output escaping. • source=cve • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13847 – Portfolio and Projects <= 1.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-13847
14 Mar 2025 — The Portfolio and Projects plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26006
https://notcve.org/view.php?id=CVE-2024-26006
14 Mar 2025 — An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below web SSL VPN UI may allow a remote unauthenticated attacker to perform a Cross-Site Scripting attack via a malicious samba server. • https://fortiguard.fortinet.com/psirt/FG-IR-23-485 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-28803
https://notcve.org/view.php?id=CVE-2024-28803
13 Mar 2025 — Cross-site scripting (XSS) vulnerability in Italtel S.p.A. i-MCS NFV v.12.1.0-20211215 allows unauthenticated remote attackers to inject arbitrary web script or HTML into HTTP/POST parameter • https://www.gruppotim.it/it/footer/red-team.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 1CVE-2024-55060
https://notcve.org/view.php?id=CVE-2024-55060
13 Mar 2025 — A cross-site scripting (XSS) vulnerability in the component index.php of Rafed CMS Website v1.44 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. • https://github.com/bigzooooz/CVE-2024-55060 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-22880
https://notcve.org/view.php?id=CVE-2024-22880
13 Mar 2025 — Cross Site Scripting vulnerability in Zadarma Zadarma extension v.1.0.11 allows a remote attacker to execute a arbitrary code via a crafted script to the webchat component. • https://gist.github.com/sAjibuu/372fd7d103218dabac95bf12580adbe4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •