CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10701 – PHPGurukul Car Rental Portal search.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-10701
The manipulation of the argument searchdata leads to cross site scripting. ... Durch Manipulation des Arguments searchdata mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. • https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Car%20Rental%20Portal%203.0%20-%20(search.php).md https://phpgurukul.com https://vuldb.com/? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9896 – BBP Core – Expand bbPress powered forums with useful features <= 1.2.5 - Reflected Cross-Site Scripting via add_query_arg Parameter
https://notcve.org/view.php?id=CVE-2024-9896
The BBP Core – Expand bbPress powered forums with useful features plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41745 – IBM CICS TX Standard cross-site scripting
https://notcve.org/view.php?id=CVE-2024-41745
IBM CICS TX Standard is vulnerable to cross-site scripting. • https://www.ibm.com/support/pages/node/7174576 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51492 – Zusam vulnerable to stored XSS, allowing token theft via crafted SVG
https://notcve.org/view.php?id=CVE-2024-51492
Version 0.5.6 fixes the cross-site scripting vulnerability. • https://github.com/zusam/zusam/commit/5930fdf86fa4abed01f0b345c8ec3c443656db9a https://github.com/zusam/zusam/releases/tag/0.5.6 https://github.com/zusam/zusam/security/advisories/GHSA-96fx-5rqv-jfxh https://pfeister.dev/CVE-2024-51492 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10652 – CHANGING Information Technology IDExpert - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-10652
IDExpert from CHANGING Information Technology does not properly validate a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavsScript code and perform Reflected Cross-site scripting attacks. • https://www.twcert.org.tw/en/cp-139-8173-f8bbc-2.html https://www.twcert.org.tw/tw/cp-132-8172-a02cc-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •