CVE-2024-38815
https://notcve.org/view.php?id=CVE-2024-38815
VMware NSX contains a content spoofing vulnerability. An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker-controlled domain leading to sensitive information disclosure. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-47815 – Cross-site Scripting in IncidentReporting
https://notcve.org/view.php?id=CVE-2024-47815
There are a variety of Cross-site Scripting issues, though all of them require elevated permissions. • https://github.com/miraheze/IncidentReporting/commit/43896a47de4e05ac94ec0472c220da944da16c5c https://github.com/miraheze/IncidentReporting/security/advisories/GHSA-9p36-hrmr-98r9 https://issue-tracker.miraheze.org/T12702 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2024-47812 – Cross-site Scripting (XSS) on Special:RequestImportQueue when displaying request date in ImportDump
https://notcve.org/view.php?id=CVE-2024-47812
Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. ... This causes the XSS to be virtually useless as users with those rights can already edit JavaScript pages. • https://github.com/miraheze/ImportDump/commit/d054b9529129af79d4426df24faa80014cb16602 https://github.com/miraheze/ImportDump/security/advisories/GHSA-465h-45v4-6fx9 https://issue-tracker.miraheze.org/T12698 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2024-9467 – Expedition: Reflected Cross-Site Scripting Vulnerability Leads to Expedition Session Disclosure
https://notcve.org/view.php?id=CVE-2024-9467
A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft. • https://security.paloaltonetworks.com/PAN-SA-2024-0010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-9205 – Maximum Products per User for WooCommerce <= 4.2.8 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-9205
The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •