CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,293 vulnerabilities with CWE-79
CVE-2024-45516
MEDIUM
Zimbra Collaboration Suite 8.8.15-9.0.0, 10.0.0-10.0.11, 10.1.0-10.1.3 - Stored XSS via IMG Tag
CVSS 6.1
CVE-2024-56157
MEDIUM
iTop < 3.1.3 - Cross-Site Scripting via CSV Import
CVSS 6.3
CVE-2024-10865
CRITICAL
OpenText Advanced Authentication <6.5 - XSS
CVE-2024-57273
MEDIUM
pfSense CE < 2.8.0 and Plus < 25.03 - Cross-Site Scripting via ACB Reason Field
CVSS 5.4
CVE-2024-54779
MEDIUM
pfSense CE < 2.8.0 and Plus < 25.03 - Cross-Site Scripting in Log Widget
CVSS 5.4
CVE-2024-52290
MEDIUM
LF Edge eKuiper < 2.1.0 - Stored Cross-Site Scripting via Connection Configuration Name Parameter
CVSS 6.3
CVE-2024-51446
MEDIUM
Polarion ALM V2310 and V2404 < V2404.4 - Authenticated Stored Cross-Site Scripting via XML File Upload
CVSS 6.5
CVE-2024-55651
MEDIUM
i-educar 2.9 - Stored Cross-Site Scripting in User Type Input Field
CVSS 5.4
CVE-2024-12120
MEDIUM
Royal Elementor Addons < 1.7.1018 - Authenticated Stored Cross-Site Scripting via Countdown Widget
CVSS 5.4
CVE-2024-41753
MEDIUM
IBM Cloud Pak for Business Automation 24.0.0-24.0.1 - Unauthenticated Stored XSS
CVSS 6.1
CVE-2024-13860
MEDIUM
BuddyBoss Platform <= 2.8.50 - Authenticated Stored Cross-Site Scripting via bbp_topic_title Parameter
CVSS 6.4
CVE-2024-13859
MEDIUM
BuddyBoss Platform <= 2.8.50 - Authenticated Stored Cross-Site Scripting via bp_nouveau_ajax_media_save
CVSS 6.4
CVE-2024-13858
MEDIUM
BuddyBoss Platform and Theme <= 2.8.50 - Authenticated Stored Cross-Site Scripting via invitee_name Parameter
CVSS 6.4
CVE-2024-48906
MEDIUM
Sematell ReplyOne 7.4.3.0 - Cross-Site Scripting via ReplyDesk Email Attachment Name
CVSS 6.1
CVE-2024-13381
MEDIUM
Calculated Fields Form WordPress <5.2.62 - XSS
CVSS 4.8
CVE-2024-30145
MEDIUM
Hcltech HCL Domino Volt and Domino Leap 1.1 through 1.1.5 - Client-Side Script Injection
CVSS 6.5
CVE-2024-30115
MEDIUM
HCL Domino Leap 1.1-1.1.3 - Stored Cross-Site Scripting via HTML Widget
CVSS 6.3
CVE-2024-12273
LOW
Calculated Fields Form < 5.2.62 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 3.5
CVE-2024-11922
MEDIUM
Fortra GoAnywhere < 7.8.0 - Cross-Site Scripting via Email Trigger
CVSS 6.3
CVE-2024-9771
LOW
WP-Recall < 16.26.12 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 3.5
CVE-2024-52888
MEDIUM
Check Point Mobile Access - Authenticated Cross-Site Scripting via Directory Display
CVSS 5.4
CVE-2024-52887
LOW
Checkpoint Mobile Access - Authenticated Stored Cross-Site Scripting via SNX Bookmark
CVSS 3.5
CVE-2024-56156
CRITICAL
halo < 2.20.13 - Stored Cross-Site Scripting and Remote Code Execution via File Upload Bypass
CVSS 9.0
CVE-2024-30147
MEDIUM
HCL Leap - Client-Side Code Injection
CVSS 6.5
CVE-2024-30114
LOW
HCL Leap < 9.3.6 - Stored Cross-Site Scripting in Authoring Environment
CVSS 3.7
Details
Vulnerabilities
45,293
Exploit Likelihood
High