CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,295 vulnerabilities with CWE-79
CVE-2024-30147
MEDIUM
HCL Leap - Client-Side Code Injection
CVSS 6.5
CVE-2024-30114
LOW
HCL Leap < 9.3.6 - Stored Cross-Site Scripting in Authoring Environment
CVSS 3.7
CVE-2024-30113
MEDIUM
HCL Leap < 9.3.6 - Stored Cross-Site Scripting via HTML Widget
CVSS 6.3
CVE-2024-53569
MEDIUM
Volmarg Personal Management System <1.4.65 - XSS
CVSS 5.4
CVE-2024-53568
MEDIUM
Volmarg Personal Management System <1.4.65 - XSS
CVSS 5.4
CVE-2024-13569
HIGH
Front End Users < 3.2.32 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-42699
MEDIUM
Alkacon OpenCMS 17.0 - Stored Cross-Site Scripting via Image Title Sub-Field
CVSS 6.5
CVE-2024-12863
MEDIUM
OpenText Content Management CE <25.1 - XSS
CVE-2024-41446
MEDIUM
Alkacon OpenCMS 17.0 - Stored Cross-Site Scripting via Image Copyright Attribute
CVSS 5.4
CVE-2024-41447
MEDIUM
Alkacon OpenCMS 17.0 - Stored Cross-Site Scripting via Author Parameter
CVSS 5.4
CVE-2024-13650
MEDIUM
Piotnet Addons For Elementor <2.4.34 - XSS
CVSS 6.4
CVE-2024-40124
MEDIUM
Pydio <= 8.2.5 - Stored Cross-Site Scripting via New URL Bookmark Feature
CVSS 5.4
CVE-2024-11924
LOW
Icegram Express < 5.7.52 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 3.5
CVE-2024-40074
MEDIUM
Sourcecodester Online ID Generator System 1.0 - XSS
CVSS 4.8
CVE-2024-40069
MEDIUM
Sourcecodester Online ID Generator System 1.0 - XSS
CVSS 5.4
CVE-2024-52281
HIGH
Rancher 2.9.0-2.9.3 - Stored Cross-Site Scripting via Cluster Description Field
CVSS 8.9
CVE-2024-10680
MEDIUM
10Web Form Maker < 1.15.32 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-13452
MEDIUM
The Contact Form by Supsystic - WordPress <1.7.29 - CSRF
CVSS 6.1
CVE-2024-42200
MEDIUM
HCL BigFix Platform 10.0.0-10.0.12 - Stored Cross-Site Scripting in Web Reports
CVSS 5.4
CVE-2024-45712
LOW
SolarWinds Serv-U < 15.5.1 - Authenticated Stored Cross-Site Scripting
CVSS 2.6
CVE-2024-13610
MEDIUM
Simple Social Media Share Buttons < 6.0.0 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-13207
MEDIUM
Widget for Social Page Feeds <6.4.2 - XSS
CVSS 4.8
CVE-2024-49708
MEDIUM
SoftCOM iKSORIS < 79.0 - Stored Cross-Site Scripting via Delivery Address Form
CVSS 5.4
CVE-2024-49707
MEDIUM
SoftCOM iKSORIS < 79.0 - Reflected Cross-Site Scripting via Password Reset Form
CVSS 6.1
CVE-2024-13598
MEDIUM
SoftCOM iKSORIS < 79.0 - Reflected Cross-Site Scripting via Custom Form Field Parameters
CVSS 6.1
Details
Vulnerabilities
45,295
Exploit Likelihood
High