| 2024-10-09 | CVE-2024-9467 | Cross-site Scripting vulnerability in Paloaltonetworks Expedition
A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft. | 6.1 |
| 2024-10-09 | CVE-2024-46237 | Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 4.0
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in doctor/add-patient.php and doctor/edit-patient.php. | 5.4 |
| 2024-10-09 | CVE-2024-9451 | The Embed PDF Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' and 'width' parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-10-09 | CVE-2024-9449 | The Auto iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-10-09 | CVE-2024-7963 | The CMSMasters Content Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's multiple shortcodes in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2024-10-08 | CVE-2024-47950 | Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings | 5.4 |
| 2024-10-08 | CVE-2024-47951 | Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings | 5.4 |
| 2024-10-08 | CVE-2024-8215 | Cross-site Scripting vulnerability in Payara
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Payara Platform Payara Server (Admin Console modules) allows Remote Code Inclusion.This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before 6.2024.10, from 4.1.2.191.1 before 4.1.2.191.51. | 8.4 |
| 2024-10-08 | CVE-2024-8482 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.3.982 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-10-08 | CVE-2024-9207 | The BuddyPress Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.3. | 6.1 |