CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,293 vulnerabilities with CWE-79
CVE-2024-25812
MEDIUM
MyNET < 26.05 - Reflected Cross-Site Scripting via src Parameter
CVSS 6.1
CVE-2024-35321
MEDIUM
MyNET < 26.08 - Reflected Cross-Site Scripting via msgtipo Parameter
CVSS 4.3
CVE-2024-25814
MEDIUM
MyNET < 26.05 - Reflected Cross-Site Scripting via msg Parameter
CVSS 6.1
CVE-2024-58323
MEDIUM
Kentico Xperience < 13.0.158 - Stored Cross-Site Scripting via Checkbox Form Component
CVSS 5.4
CVE-2024-58322
MEDIUM
Kentico Xperience < 13.0.158 - Stored Cross-Site Scripting in Shipping Options Configuration
CVSS 5.4
CVE-2024-58321
MEDIUM
Kentico Xperience < 13.0.159 - Stored Cross-Site Scripting via Form Validation Rule Configuration
CVSS 5.4
CVE-2024-58319
MEDIUM
Kentico Xperience < 13.0.160 - Reflected Cross-Site Scripting via Pages Dashboard Widget
CVSS 6.1
CVE-2024-58318
MEDIUM
Kentico Xperience < 13.0.162 - Stored Cross-Site Scripting via Rich Text Editor
CVSS 6.1
CVE-2024-58305
HIGH
WonderCMS 4.3.2 - Stored Cross-Site Scripting via Module Installation Endpoint
CVSS 8.8
CVE-2024-58304
HIGH
SPA-CART CMS 1.9.0.3 - Authenticated Stored Cross-Site Scripting via Product Description Parameter
CVSS 7.5
CVE-2024-58297
MEDIUM
PyroCMS v3.0.1 - Stored Cross-Site Scripting via Admin Redirects Configuration
CVSS 5.4
CVE-2024-58296
MEDIUM
CE Phoenix - Stored Cross-Site Scripting in Currencies Administration Panel
CVE-2024-58292
MEDIUM
XMB Forum 1.9.12.06 - Authenticated Stored Cross-Site Scripting via Admin Templates
CVE-2024-58291
MEDIUM
Flatboard 3.2 - Authenticated Stored Cross-Site Scripting via Forum Information Field
CVE-2024-58289
MEDIUM
Microweber 2.0.15 - Authenticated Stored Cross-Site Scripting via User Profile Fields
CVSS 5.4
CVE-2024-58285
MEDIUM
Chyrp 2.5.2 - Authenticated Stored Cross-Site Scripting via Post Title
CVSS 5.4
CVE-2024-5540
MEDIUM
ALC WebCTRL & Carrier i-Vu <8.0 - XSS
CVE-2024-8528
MEDIUM
Automated Logic WebCTRL & Carrier i-VU - XSS
CVE-2024-44661
MEDIUM
PHPGurukul Online Shopping Portal 2.0 - XSS
CVSS 5.4
CVE-2024-46335
MEDIUM
PHPGurukul Complaint Management System 2.0 - Cross-Site Scripting via fromdate and todate Parameters
CVSS 4.6
CVE-2024-44655
MEDIUM
PHPGurukul Complaint Management System 2.0 - XSS
CVSS 6.1
CVE-2024-46336
MEDIUM
kashipara School Management System 1.0 - Cross-Site Scripting via Feedback Endpoint
CVSS 6.1
CVE-2024-46334
MEDIUM
kashipara School Management System 1.0 - Cross-Site Scripting via formuser and formpassword Parameters
CVSS 6.1
CVE-2024-44647
MEDIUM
PHPGurukul Small CRM 3.0 - Cross-Site Scripting via aremark Parameter in manage-tickets.php
CVSS 6.1
CVE-2024-44635
MEDIUM
PHPGurukul Student Record System 3.20 - XSS
CVSS 6.1
Details
Vulnerabilities
45,293
Exploit Likelihood
High