CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2024-45516 MEDIUM
Zimbra Collaboration Suite 8.8.15-9.0.0, 10.0.0-10.0.11, 10.1.0-10.1.3 - Stored XSS via IMG Tag
CVSS 6.1
CVE-2024-56157 MEDIUM
iTop < 3.1.3 - Cross-Site Scripting via CSV Import
CVSS 6.3
CVE-2024-10865 CRITICAL
OpenText Advanced Authentication <6.5 - XSS
CVE-2024-57273 MEDIUM
pfSense CE < 2.8.0 and Plus < 25.03 - Cross-Site Scripting via ACB Reason Field
CVSS 5.4
CVE-2024-54779 MEDIUM
pfSense CE < 2.8.0 and Plus < 25.03 - Cross-Site Scripting in Log Widget
CVSS 5.4
CVE-2024-52290 MEDIUM
LF Edge eKuiper < 2.1.0 - Stored Cross-Site Scripting via Connection Configuration Name Parameter
CVSS 6.3
CVE-2024-51446 MEDIUM
Polarion ALM V2310 and V2404 < V2404.4 - Authenticated Stored Cross-Site Scripting via XML File Upload
CVSS 6.5
CVE-2024-55651 MEDIUM
i-educar 2.9 - Stored Cross-Site Scripting in User Type Input Field
CVSS 5.4
CVE-2024-12120 MEDIUM
Royal Elementor Addons < 1.7.1018 - Authenticated Stored Cross-Site Scripting via Countdown Widget
CVSS 5.4
CVE-2024-41753 MEDIUM
IBM Cloud Pak for Business Automation 24.0.0-24.0.1 - Unauthenticated Stored XSS
CVSS 6.1
CVE-2024-13860 MEDIUM
BuddyBoss Platform <= 2.8.50 - Authenticated Stored Cross-Site Scripting via bbp_topic_title Parameter
CVSS 6.4
CVE-2024-13859 MEDIUM
BuddyBoss Platform <= 2.8.50 - Authenticated Stored Cross-Site Scripting via bp_nouveau_ajax_media_save
CVSS 6.4
CVE-2024-13858 MEDIUM
BuddyBoss Platform and Theme <= 2.8.50 - Authenticated Stored Cross-Site Scripting via invitee_name Parameter
CVSS 6.4
CVE-2024-48906 MEDIUM
Sematell ReplyOne 7.4.3.0 - Cross-Site Scripting via ReplyDesk Email Attachment Name
CVSS 6.1
CVE-2024-13381 MEDIUM
Calculated Fields Form WordPress <5.2.62 - XSS
CVSS 4.8
CVE-2024-30145 MEDIUM
Hcltech HCL Domino Volt and Domino Leap 1.1 through 1.1.5 - Client-Side Script Injection
CVSS 6.5
CVE-2024-30115 MEDIUM
HCL Domino Leap 1.1-1.1.3 - Stored Cross-Site Scripting via HTML Widget
CVSS 6.3
CVE-2024-12273 LOW
Calculated Fields Form < 5.2.62 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 3.5
CVE-2024-11922 MEDIUM
Fortra GoAnywhere < 7.8.0 - Cross-Site Scripting via Email Trigger
CVSS 6.3
CVE-2024-9771 LOW
WP-Recall < 16.26.12 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 3.5
CVE-2024-52888 MEDIUM
Check Point Mobile Access - Authenticated Cross-Site Scripting via Directory Display
CVSS 5.4
CVE-2024-52887 LOW
Checkpoint Mobile Access - Authenticated Stored Cross-Site Scripting via SNX Bookmark
CVSS 3.5
CVE-2024-56156 CRITICAL
halo < 2.20.13 - Stored Cross-Site Scripting and Remote Code Execution via File Upload Bypass
CVSS 9.0
CVE-2024-30147 MEDIUM
HCL Leap - Client-Side Code Injection
CVSS 6.5
CVE-2024-30114 LOW
HCL Leap < 9.3.6 - Stored Cross-Site Scripting in Authoring Environment
CVSS 3.7
Details
Vulnerabilities 45,293
Exploit Likelihood High