CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2024-41177 MEDIUM
Apache Zeppelin < 0.12.0 - Cross-Site Scripting via Incomplete Blacklist
CVSS 6.1
CVE-2024-45515 MEDIUM
Zimbra Collaboration < 10.1.0 - Cross-Site Scripting via Briefcase File Import
CVSS 6.1
CVE-2024-53288 MEDIUM
Synology Router Manager < 1.3.1-9346 - Authenticated Stored Cross-Site Scripting in NTP Region Functionality
CVSS 5.9
CVE-2024-53287 MEDIUM
Synology Router Manager < 1.3.1-9346 - Authenticated Stored Cross-Site Scripting in VPN Setting
CVSS 5.9
CVE-2024-55040 MEDIUM
Sensaphone WEB600 Firmware < 1.6.5.H - Cross-Site Scripting via @.xml GET Parameters
CVSS 6.1
CVE-2024-42912 MEDIUM
META-INF Kft. Email This Issue <9.13.0-GA - XSS
CVSS 5.4
CVE-2024-9343 MEDIUM
Eclipse GlassFish 7.0.15 - Stored Cross-Site Scripting in Administration Console
CVSS 6.1
CVE-2024-10032 MEDIUM
Eclipse GlassFish 7.0.15 - Stored Cross-Site Scripting in Administration Console
CVSS 5.4
CVE-2024-10031 MEDIUM
Eclipse GlassFish 7.0.15 - Stored Cross-Site Scripting via Configuration File Modification
CVSS 5.4
CVE-2024-10029 MEDIUM
Eclipse GlassFish 7.0.15 - Reflected Cross-Site Scripting in Administration Console
CVSS 6.1
CVE-2024-36697 MEDIUM
Allworx System Software <9.1.9.12 - XSS
CVSS 6.1
CVE-2024-43334 HIGH
Gavias Halpes and Zilom < 1.2.5 and < 1.4.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-11937 MEDIUM
Premium Addons for Elementor <4.10.69 - XSS
CVSS 6.4
CVE-2024-5647 MEDIUM
BlossomThemes Social Feed < 2.0.5 - Authenticated Stored Cross-Site Scripting via Magnific Popups Library
CVSS 6.4
CVE-2024-9017 MEDIUM
PeepSo Core: Groups <= 6.4.6.0 - Authenticated Stored Cross-Site Scripting via Group Description Field
CVSS 6.4
CVE-2024-11405 MEDIUM
WP Front-end login and register < 2.1.0 - Reflected XSS via Email and Reset Token
CVSS 6.1
CVE-2024-12915 MEDIUM
Devinim Software Library <24.11.02 - XSS
CVSS 4.6
CVE-2024-52900 MEDIUM
IBM Cognos Analytics 11.2.0-11.2.4 and 12.0.0-12.0.4 - Authenticated Stored Cross-Site Scripting
CVSS 6.4
CVE-2024-56915 MEDIUM
Netbox 4.1.7-4.2.2 - Cross-Site Scripting via RSS Feed Widget
CVSS 6.5
CVE-2024-56917 HIGH
Netbox 4.1.7 - Stored Cross-Site Scripting via Maintenance Banner
CVSS 7.1
CVE-2024-56916 MEDIUM
Netbox 4.1.7-<4.2.1 - Authenticated Stored Cross-Site Scripting via Configuration History Current Value Field
CVSS 6.1
CVE-2024-56918 MEDIUM
Netbox 4.1.7 - Authenticated Stored Cross-Site Scripting in Login Page
CVSS 6.1
CVE-2024-54183 MEDIUM
IBM Sterling B2B Integrator & File Gateway <6.1.2.6, <6.2.0.4 - XSS
CVSS 5.4
CVE-2024-25573 MEDIUM
PingFederate 12.1.0-12.1.3, 12.0.0-12.0.5, 11.3.0-11.3.8, 11.2.0-11.2.9 Stored XSS in Admin Console
CVE-2024-41505 MEDIUM
Jetimob Plataforma Imobiliaria 20240627-0 - Stored Cross-Site Scripting via Profisso Field
CVSS 6.1
Details
Vulnerabilities 45,293
Exploit Likelihood High