CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,293 vulnerabilities with CWE-79
CVE-2024-41504
MEDIUM
Jetimob Plataforma Imobiliaria 20240627-0 - Stored Cross-Site Scripting in Activity Description Field
CVSS 6.1
CVE-2024-41503
MEDIUM
Jetimob Plataforma Imobiliaria 20240627-0 - Stored Cross-Site Scripting in Search Filter Title Field
CVSS 6.1
CVE-2024-41502
MEDIUM
Jetimob Plataforma Imobiliaria 20240627-0 - Stored Cross-Site Scripting via Observaces Form Field
CVSS 6.1
CVE-2024-37396
MEDIUM
REDCap < 14.2.1 - Authenticated Stored Cross-Site Scripting in Calendar Notes Field
CVSS 5.4
CVE-2024-37395
MEDIUM
REDCap < 14.2.1 - Authenticated Stored Cross-Site Scripting via Survey Title and Instructions
CVSS 5.4
CVE-2024-37394
MEDIUM
REDCap < 14.2.1 - Authenticated Stored Cross-Site Scripting via Dashboard Title and Content
CVSS 5.4
CVE-2024-9994
MEDIUM
Essential Addons for Elementor - WooCommerce Builders <6.1.12 - XSS
CVSS 6.4
CVE-2024-9993
MEDIUM
Essential Addons for Elementor - WordPress <6.1.12 - XSS
CVSS 6.4
CVE-2024-50406
MEDIUM
QNAP License Center 1.9.36-1.9.48 - Cross-Site Scripting
CVSS 5.4
CVE-2024-8008
MEDIUM
WSO2 API Manager - Reflected Cross-Site Scripting via JDBC User Store Connection Validation Error Messages
CVSS 5.2
CVE-2024-3509
MEDIUM
WSO2 API Manager - Authenticated Stored Cross-Site Scripting in Rich Text Editor
CVSS 4.3
CVE-2024-40114
MEDIUM
Sitecom WLX-2006 Firmware < 1.5 - Cross-Site Scripting via Language Cookie
CVSS 6.1
CVE-2024-57783
HIGH
Dot < 0.9.3 - Cross-Site Scripting and Remote Code Execution via innerHTML DOM Injection
CVSS 8.1
CVE-2024-45094
MEDIUM
IBM DS8900F and DS8A00 Hardware Management Console - Stored Cross-Site Scripting
CVSS 5.5
CVE-2024-47090
MEDIUM
Nagvis < 1.9.47 - Cross-Site Scripting
CVSS 6.1
CVE-2024-13427
MEDIUM
Page Builder: Pagelayer < 2.0.0 - Authenticated Stored Cross-Site Scripting via Button Widget
CVSS 6.4
CVE-2024-51099
MEDIUM
PHPGURUKUL Medical Card Generation System 1.0 - Reflected Cross-Site Scripting via searchdata Parameter
CVSS 6.1
CVE-2024-48704
MEDIUM
Phpgurukul Medical Card Generation System 1.0 - Cross-Site Scripting via pagedes Parameter
CVSS 6.1
CVE-2024-51108
MEDIUM
PHPGURUKUL Medical Card Generation System 1.0 - Stored Cross-Site Scripting via fromdate and todate Parameters
CVSS 5.4
CVE-2024-51107
MEDIUM
PHPGURUKUL Medical Card Generation System 1.0 - Stored Cross-Site Scripting via Contact Us Parameters
CVSS 4.8
CVE-2024-48702
MEDIUM
PHPGurukul Old Age Home Management System 1.0 - Cross-Site Scripting via searchdata Parameter
CVSS 5.4
CVE-2024-5962
MEDIUM
WSO2 API Manager and Identity Server - Reflected Cross-Site Scripting in Authentication Endpoint
CVSS 6.1
CVE-2024-7103
MEDIUM
WSO2 Identity Server 7.0.0 - Reflected Cross-Site Scripting in Sub-Organization Login Flow
CVSS 4.6
CVE-2024-13958
MEDIUM
ABB ASPECT-Enterprise NEXUS Series MATRIX Series <= 3.* - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-13950
MEDIUM
ABB ASPECT-Enterprise NEXUS Series MATRIX Series <= 3.* - Authenticated Stored Cross-Site Scripting via Log Injection
CVSS 6.8
Details
Vulnerabilities
45,293
Exploit Likelihood
High