CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2024-25812 MEDIUM
MyNET < 26.05 - Reflected Cross-Site Scripting via src Parameter
CVSS 6.1
CVE-2024-35321 MEDIUM
MyNET < 26.08 - Reflected Cross-Site Scripting via msgtipo Parameter
CVSS 4.3
CVE-2024-25814 MEDIUM
MyNET < 26.05 - Reflected Cross-Site Scripting via msg Parameter
CVSS 6.1
CVE-2024-58323 MEDIUM
Kentico Xperience < 13.0.158 - Stored Cross-Site Scripting via Checkbox Form Component
CVSS 5.4
CVE-2024-58322 MEDIUM
Kentico Xperience < 13.0.158 - Stored Cross-Site Scripting in Shipping Options Configuration
CVSS 5.4
CVE-2024-58321 MEDIUM
Kentico Xperience < 13.0.159 - Stored Cross-Site Scripting via Form Validation Rule Configuration
CVSS 5.4
CVE-2024-58319 MEDIUM
Kentico Xperience < 13.0.160 - Reflected Cross-Site Scripting via Pages Dashboard Widget
CVSS 6.1
CVE-2024-58318 MEDIUM
Kentico Xperience < 13.0.162 - Stored Cross-Site Scripting via Rich Text Editor
CVSS 6.1
CVE-2024-58305 HIGH
WonderCMS 4.3.2 - Stored Cross-Site Scripting via Module Installation Endpoint
CVSS 8.8
CVE-2024-58304 HIGH
SPA-CART CMS 1.9.0.3 - Authenticated Stored Cross-Site Scripting via Product Description Parameter
CVSS 7.5
CVE-2024-58297 MEDIUM
PyroCMS v3.0.1 - Stored Cross-Site Scripting via Admin Redirects Configuration
CVSS 5.4
CVE-2024-58296 MEDIUM
CE Phoenix - Stored Cross-Site Scripting in Currencies Administration Panel
CVE-2024-58292 MEDIUM
XMB Forum 1.9.12.06 - Authenticated Stored Cross-Site Scripting via Admin Templates
CVE-2024-58291 MEDIUM
Flatboard 3.2 - Authenticated Stored Cross-Site Scripting via Forum Information Field
CVE-2024-58289 MEDIUM
Microweber 2.0.15 - Authenticated Stored Cross-Site Scripting via User Profile Fields
CVSS 5.4
CVE-2024-58285 MEDIUM
Chyrp 2.5.2 - Authenticated Stored Cross-Site Scripting via Post Title
CVSS 5.4
CVE-2024-5540 MEDIUM
ALC WebCTRL & Carrier i-Vu <8.0 - XSS
CVE-2024-8528 MEDIUM
Automated Logic WebCTRL & Carrier i-VU - XSS
CVE-2024-44661 MEDIUM
PHPGurukul Online Shopping Portal 2.0 - XSS
CVSS 5.4
CVE-2024-46335 MEDIUM
PHPGurukul Complaint Management System 2.0 - Cross-Site Scripting via fromdate and todate Parameters
CVSS 4.6
CVE-2024-44655 MEDIUM
PHPGurukul Complaint Management System 2.0 - XSS
CVSS 6.1
CVE-2024-46336 MEDIUM
kashipara School Management System 1.0 - Cross-Site Scripting via Feedback Endpoint
CVSS 6.1
CVE-2024-46334 MEDIUM
kashipara School Management System 1.0 - Cross-Site Scripting via formuser and formpassword Parameters
CVSS 6.1
CVE-2024-44647 MEDIUM
PHPGurukul Small CRM 3.0 - Cross-Site Scripting via aremark Parameter in manage-tickets.php
CVSS 6.1
CVE-2024-44635 MEDIUM
PHPGurukul Student Record System 3.20 - XSS
CVSS 6.1
Details
Vulnerabilities 45,293
Exploit Likelihood High