CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,293 vulnerabilities with CWE-79
CVE-2024-41177
MEDIUM
Apache Zeppelin < 0.12.0 - Cross-Site Scripting via Incomplete Blacklist
CVSS 6.1
CVE-2024-45515
MEDIUM
Zimbra Collaboration < 10.1.0 - Cross-Site Scripting via Briefcase File Import
CVSS 6.1
CVE-2024-53288
MEDIUM
Synology Router Manager < 1.3.1-9346 - Authenticated Stored Cross-Site Scripting in NTP Region Functionality
CVSS 5.9
CVE-2024-53287
MEDIUM
Synology Router Manager < 1.3.1-9346 - Authenticated Stored Cross-Site Scripting in VPN Setting
CVSS 5.9
CVE-2024-55040
MEDIUM
Sensaphone WEB600 Firmware < 1.6.5.H - Cross-Site Scripting via @.xml GET Parameters
CVSS 6.1
CVE-2024-42912
MEDIUM
META-INF Kft. Email This Issue <9.13.0-GA - XSS
CVSS 5.4
CVE-2024-9343
MEDIUM
Eclipse GlassFish 7.0.15 - Stored Cross-Site Scripting in Administration Console
CVSS 6.1
CVE-2024-10032
MEDIUM
Eclipse GlassFish 7.0.15 - Stored Cross-Site Scripting in Administration Console
CVSS 5.4
CVE-2024-10031
MEDIUM
Eclipse GlassFish 7.0.15 - Stored Cross-Site Scripting via Configuration File Modification
CVSS 5.4
CVE-2024-10029
MEDIUM
Eclipse GlassFish 7.0.15 - Reflected Cross-Site Scripting in Administration Console
CVSS 6.1
CVE-2024-36697
MEDIUM
Allworx System Software <9.1.9.12 - XSS
CVSS 6.1
CVE-2024-43334
HIGH
Gavias Halpes and Zilom < 1.2.5 and < 1.4.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-11937
MEDIUM
Premium Addons for Elementor <4.10.69 - XSS
CVSS 6.4
CVE-2024-5647
MEDIUM
BlossomThemes Social Feed < 2.0.5 - Authenticated Stored Cross-Site Scripting via Magnific Popups Library
CVSS 6.4
CVE-2024-9017
MEDIUM
PeepSo Core: Groups <= 6.4.6.0 - Authenticated Stored Cross-Site Scripting via Group Description Field
CVSS 6.4
CVE-2024-11405
MEDIUM
WP Front-end login and register < 2.1.0 - Reflected XSS via Email and Reset Token
CVSS 6.1
CVE-2024-12915
MEDIUM
Devinim Software Library <24.11.02 - XSS
CVSS 4.6
CVE-2024-52900
MEDIUM
IBM Cognos Analytics 11.2.0-11.2.4 and 12.0.0-12.0.4 - Authenticated Stored Cross-Site Scripting
CVSS 6.4
CVE-2024-56915
MEDIUM
Netbox 4.1.7-4.2.2 - Cross-Site Scripting via RSS Feed Widget
CVSS 6.5
CVE-2024-56917
HIGH
Netbox 4.1.7 - Stored Cross-Site Scripting via Maintenance Banner
CVSS 7.1
CVE-2024-56916
MEDIUM
Netbox 4.1.7-<4.2.1 - Authenticated Stored Cross-Site Scripting via Configuration History Current Value Field
CVSS 6.1
CVE-2024-56918
MEDIUM
Netbox 4.1.7 - Authenticated Stored Cross-Site Scripting in Login Page
CVSS 6.1
CVE-2024-54183
MEDIUM
IBM Sterling B2B Integrator & File Gateway <6.1.2.6, <6.2.0.4 - XSS
CVSS 5.4
CVE-2024-25573
MEDIUM
PingFederate 12.1.0-12.1.3, 12.0.0-12.0.5, 11.3.0-11.3.8, 11.2.0-11.2.9 Stored XSS in Admin Console
CVE-2024-41505
MEDIUM
Jetimob Plataforma Imobiliaria 20240627-0 - Stored Cross-Site Scripting via Profisso Field
CVSS 6.1
Details
Vulnerabilities
45,293
Exploit Likelihood
High