CVSS: 5.3EPSS: %CPEs: 1EXPL: 1CVE-2024-8554 – SourceCodester Clinics Patient Management System users.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-8554
The manipulation of the argument message leads to cross site scripting. ... Mit der Manipulation des Arguments message mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. • https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Clinic's-Patient-Management-System-Reflected-XSS.md https://vuldb.com/? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.9EPSS: %CPEs: -EXPL: 1CVE-2024-8521 – Wavelog Live QSO qso index cross site scripting
https://notcve.org/view.php?id=CVE-2024-8521
The manipulation of the argument manual leads to cross site scripting. ... Durch Beeinflussen des Arguments manual mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. • submit.399819 https://github.com/wavelog/wavelog/pull/744 https://github.com/GithubUser843205/CVEs/tree/main/CVE-2024-8521 https://github.com/wavelog/wavelog/commit/b31002cec6b71ab5f738881806bb546430ec692e https://github.com/wavelog/wavelog/releases/tag/1.8.1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: %CPEs: 1EXPL: 0CVE-2024-6849 – Preloader Plus – WordPress Loading Screen Plugin <= 2.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
https://notcve.org/view.php?id=CVE-2024-6849
The Preloader Plus – WordPress Loading Screen Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-38640 – Download Station
https://notcve.org/view.php?id=CVE-2024-38640
A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Download Station 5.8.6.283 ( 2024/06/21 ) and later • https://www.qnap.com/en/security-advisory/qsa-24-35 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-32762 – QuLog Center
https://notcve.org/view.php?id=CVE-2024-32762
A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuLog Center 1.8.0.872 ( 2024/06/17 ) and later QuLog Center 1.7.0.827 ( 2024/06/17 ) and later • https://www.qnap.com/en/security-advisory/qsa-24-30 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •