CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13569 – Front End Users <= 3.2.32 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-13569
22 Apr 2025 — The Front End Users WordPress plugin through 3.2.32 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. • https://wpscan.com/vulnerability/b9742440-0e36-4900-b58e-41c9854a62b2 •
CVSS: 5.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-12863 – Stored XSS in Discussions functionality
https://notcve.org/view.php?id=CVE-2024-12863
21 Apr 2025 — Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system. • https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0839121 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-41446
https://notcve.org/view.php?id=CVE-2024-41446
21 Apr 2025 — A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function. • https://github.com/Sidd545-cr/CVE/blob/main/CVE-2024-41446%20-%20Stored%20XSS%20in%20image%20copyright%20attribute.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-42699
https://notcve.org/view.php?id=CVE-2024-42699
21 Apr 2025 — Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field • https://github.com/Sidd545-cr/CVE/blob/main/CVE-2024-42699%20-%20Stored%20XSS%20in%20image%20title.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13650 – Piotnet Addons For Elementor <= 2.4.34 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-13650
17 Apr 2025 — The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'PAFE Before After Image Comparison Slider' widget in all versions up to, and including, 2.4.34 due to insufficient input sanitization and output escaping. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-40124
https://notcve.org/view.php?id=CVE-2024-40124
17 Apr 2025 — Pydio Core <= 8.2.5 is vulnerable to Cross Site Scripting (XSS) via the New URL Bookmark feature. • https://gist.github.com/Xib3rR4dAr/711195d5793bfbb4364dc179ecaae25d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52281 – Stored Cross-site Scripting vulnerability in Rancher UI
https://notcve.org/view.php?id=CVE-2024-52281
16 Apr 2025 — A: Improper Neutralization of Input During Web Page Generation vulnerability in SUSE rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field. This issue affects rancher: from 2.9.0 before 2.9.4. A: Improper Neutralization of Input During Web Page Generation vulnerability in SUSE rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field. • id=CVE-2024-52281 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-40069
https://notcve.org/view.php?id=CVE-2024-40069
16 Apr 2025 — Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/Users.php? • https://github.com/DiliLearngent/BugReport/blob/main/php/Online-ID-Generator-System/bug7-XSS-firstname-lastname.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-40074
https://notcve.org/view.php?id=CVE-2024-40074
16 Apr 2025 — Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/SystemSettings.php? • https://github.com/DiliLearngent/BugReport/blob/main/php/Online-ID-Generator-System/bug1-XSS-short_name.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-42200 – HCL BigFix Web Reports is potentially susceptible to a Stored Cross-Site Scripting (XSS) attack
https://notcve.org/view.php?id=CVE-2024-42200
15 Apr 2025 — HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripting (XSS) attack, due to a potentially weak validation of user input. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120585 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •