CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2024-7083 LOW
Email Encoder < 2.3.4 - Admin+ Stored XSS
CVSS 3.5
CVE-2024-4867 MEDIUM
Cross-Site Scripting via Developer Portal in WSO2 API Manager Enables UI Modification and Information Retrieval
CVSS 5.4
CVE-2024-10242 MEDIUM
Reflected Cross-Site Scripting via Authentication Endpoint in WSO2 API Manager Allows UI Modification and Redirection
CVSS 6.1
CVE-2024-46879 MEDIUM
Tiki < 21.11 - Reflected Cross-Site Scripting via tiki-admin_system.php zipPath Parameter
CVSS 5.4
CVE-2024-46878 MEDIUM
Tiki < 27.1 - Cross-Site Scripting via tiki-editpage.php Page Parameter
CVSS 5.4
CVE-2024-51226 MEDIUM
Phpgurukul Vehicle Record Management System 1.0 - XSS
CVSS 6.1
CVE-2024-51225 MEDIUM
Phpgurukul Vehicle Record Management System 1.0 - XSS
CVSS 4.8
CVE-2024-51224 MEDIUM
Phpgurukul Vehicle Record Management System 1.0 - XSS
CVSS 4.8
CVE-2024-51223 MEDIUM
Phpgurukul Vehicle Record Management System 1.0 - XSS
CVSS 4.8
CVE-2024-51222 MEDIUM
Phpgurukul Vehicle Record Management System 1.0 - XSS
CVSS 4.8
CVE-2024-31119 MEDIUM
WordPress Download Special Box for Content plugin <= 1 - Cross Site Scripting (XSS) vulnerability
CVSS 5.9
CVE-2024-42210 HIGH
HCL Unica Marketing Operations v12.1.8 and lower is affected by a Stored cross-site scripting (XSS) vulnerability
CVSS 7.6
CVE-2024-35644 MEDIUM
Preferred Languages <= 2.2.2 - DOM-Based Cross-Site Scripting
CVSS 5.9
CVE-2024-56208 MEDIUM
NewsMash <= 1.0.71 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-52387 MEDIUM
Master Addons for Elementor <=2.0.9.9.4 - XSS
CVSS 5.9
CVE-2024-51915 MEDIUM
LiteSpeed Cache <= 6.5.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-50555 MEDIUM
Elementor Website Builder <=3.29.0 - XSS
CVSS 6.5
CVE-2024-50452 MEDIUM
POSIMYTH Nexter Blocks <= 3.3.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-31088 MEDIUM
AdsPlace'r - Ad Manager, Inserter, AdSense Ads <= 1.1.5 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-30547 HIGH
Shazdeh Header Image Slider <0.4 - XSS
CVSS 7.1
CVE-2024-53735 HIGH
Corourke iPhone Webclip Manager - XSS
CVSS 7.1
CVE-2024-30461 HIGH
Tumult Hype Animations <1.9.11 - XSS
CVSS 7.1
CVE-2024-23511 MEDIUM
The Plus Addons for Elementor Page Builder Lite <= 5.3.3 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-40317 MEDIUM
MyNET < 26.08 - Reflected Cross-Site Scripting via HTTP Parameter
CVSS 6.1
CVE-2024-35322 MEDIUM
MyNET < 26.08 - Reflected Cross-Site Scripting via Ficheiro Parameter
CVSS 6.1
Details
Vulnerabilities 45,293
Exploit Likelihood High