CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,295 vulnerabilities with CWE-79
CVE-2024-30147 MEDIUM
HCL Leap - Client-Side Code Injection
CVSS 6.5
CVE-2024-30114 LOW
HCL Leap < 9.3.6 - Stored Cross-Site Scripting in Authoring Environment
CVSS 3.7
CVE-2024-30113 MEDIUM
HCL Leap < 9.3.6 - Stored Cross-Site Scripting via HTML Widget
CVSS 6.3
CVE-2024-53569 MEDIUM
Volmarg Personal Management System <1.4.65 - XSS
CVSS 5.4
CVE-2024-53568 MEDIUM
Volmarg Personal Management System <1.4.65 - XSS
CVSS 5.4
CVE-2024-13569 HIGH
Front End Users < 3.2.32 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-42699 MEDIUM
Alkacon OpenCMS 17.0 - Stored Cross-Site Scripting via Image Title Sub-Field
CVSS 6.5
CVE-2024-12863 MEDIUM
OpenText Content Management CE <25.1 - XSS
CVE-2024-41446 MEDIUM
Alkacon OpenCMS 17.0 - Stored Cross-Site Scripting via Image Copyright Attribute
CVSS 5.4
CVE-2024-41447 MEDIUM
Alkacon OpenCMS 17.0 - Stored Cross-Site Scripting via Author Parameter
CVSS 5.4
CVE-2024-13650 MEDIUM
Piotnet Addons For Elementor <2.4.34 - XSS
CVSS 6.4
CVE-2024-40124 MEDIUM
Pydio <= 8.2.5 - Stored Cross-Site Scripting via New URL Bookmark Feature
CVSS 5.4
CVE-2024-11924 LOW
Icegram Express < 5.7.52 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 3.5
CVE-2024-40074 MEDIUM
Sourcecodester Online ID Generator System 1.0 - XSS
CVSS 4.8
CVE-2024-40069 MEDIUM
Sourcecodester Online ID Generator System 1.0 - XSS
CVSS 5.4
CVE-2024-52281 HIGH
Rancher 2.9.0-2.9.3 - Stored Cross-Site Scripting via Cluster Description Field
CVSS 8.9
CVE-2024-10680 MEDIUM
10Web Form Maker < 1.15.32 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-13452 MEDIUM
The Contact Form by Supsystic - WordPress <1.7.29 - CSRF
CVSS 6.1
CVE-2024-42200 MEDIUM
HCL BigFix Platform 10.0.0-10.0.12 - Stored Cross-Site Scripting in Web Reports
CVSS 5.4
CVE-2024-45712 LOW
SolarWinds Serv-U < 15.5.1 - Authenticated Stored Cross-Site Scripting
CVSS 2.6
CVE-2024-13610 MEDIUM
Simple Social Media Share Buttons < 6.0.0 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-13207 MEDIUM
Widget for Social Page Feeds <6.4.2 - XSS
CVSS 4.8
CVE-2024-49708 MEDIUM
SoftCOM iKSORIS < 79.0 - Stored Cross-Site Scripting via Delivery Address Form
CVSS 5.4
CVE-2024-49707 MEDIUM
SoftCOM iKSORIS < 79.0 - Reflected Cross-Site Scripting via Password Reset Form
CVSS 6.1
CVE-2024-13598 MEDIUM
SoftCOM iKSORIS < 79.0 - Reflected Cross-Site Scripting via Custom Form Field Parameters
CVSS 6.1
Details
Vulnerabilities 45,295
Exploit Likelihood High