CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45406 – Craft CMS stored XSS in breadcrumb list and title fields
https://notcve.org/view.php?id=CVE-2024-45406
Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input. • https://github.com/craftcms/cms/commit/b7348942f8131b3868ec6f46d615baae50151bb8 https://github.com/craftcms/cms/security/advisories/GHSA-28h4-788g-rh42 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7657 – Gila CMS HTTP POST Request page cross site scripting
https://notcve.org/view.php?id=CVE-2024-7657
A vulnerability classified as problematic was found in Gila CMS 1.10.9. This vulnerability affects unknown code of the file /cm/update_rows/page?id=2 of the component HTTP POST Request Handler. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely. • https://vuldb.com/?ctiid.274114 https://vuldb.com/?id.274114 https://vuldb.com/?submit.384630 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.1EPSS: 0%CPEs: 3EXPL: 1CVE-2024-7551 – juzaweb CMS Theme Editor default path traversal
https://notcve.org/view.php?id=CVE-2024-7551
A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as problematic. Affected is an unknown function of the file /admin-cp/theme/editor/default of the component Theme Editor. The manipulation leads to path traversal. It is possible to launch the attack remotely. • https://github.com/DeepMountains/Mirage/blob/main/CVE9-1.md https://vuldb.com/?ctiid.273696 https://vuldb.com/?id.273696 https://vuldb.com/?submit.381444 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7300 – Bolt CMS Showcase Creation showcases cross site scripting
https://notcve.org/view.php?id=CVE-2024-7300
A vulnerability classified as problematic has been found in Bolt CMS 3.7.1. Affected is an unknown function of the file /bolt/editcontent/showcases of the component Showcase Creation Handler. The manipulation of the argument textarea leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.273168 https://vuldb.com/?id.273168 https://vuldb.com/?submit.380678 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7299 – Bolt CMS Entry Preview page cross site scripting
https://notcve.org/view.php?id=CVE-2024-7299
A vulnerability was found in Bolt CMS 3.7.1. It has been rated as problematic. This issue affects some unknown processing of the file /preview/page of the component Entry Preview Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. • https://vuldb.com/?ctiid.273167 https://vuldb.com/?id.273167 https://vuldb.com/?submit.379971 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •