CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,295 vulnerabilities with CWE-79
CVE-2024-13597
MEDIUM
SoftCOM iKSORIS < 79.0 - Reflected Cross-Site Scripting via Login Panel Form
CVE-2024-10090
MEDIUM
SoftCOM iKSORIS < 79.0 - Reflected Cross-Site Scripting via User Addition Form
CVSS 6.1
CVE-2024-10089
MEDIUM
SoftCOM iKSORIS < 79.0 - Stored Cross-Site Scripting via User Data Form
CVSS 5.4
CVE-2024-10088
MEDIUM
SoftCOM iKSORIS < 79.0 - Reflected Cross-Site Scripting via Login Form
CVSS 6.1
CVE-2024-10087
MEDIUM
SoftCOM iKSORIS < 79.0 - Reflected Cross-Site Scripting via Malicious Link
CVSS 5.4
CVE-2024-9230
MEDIUM
PowerPress Podcasting plugin < 11.9.18 - Authenticated Stored Cross-Site Scripting in Podcast Settings
CVSS 5.9
CVE-2024-13874
HIGH
Feedify web_push_notifications < 2.4.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-10894
MEDIUM
Payment Forms for Paystack <= 4.0.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-46494
MEDIUM
Typecho 1.2.1 - Stored Cross-Site Scripting via Comment Name Parameter
CVSS 5.4
CVE-2024-13898
MEDIUM
Simple Banner < 3.0.4 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2024-9416
MEDIUM
Modula Image Gallery < 2.10.2 - Authenticated Stored Cross-Site Scripting via FancyBox Library
CVSS 6.4
CVE-2024-13673
MEDIUM
Big Boom Directory <= 2.5.0 - Authenticated Stored Cross-Site Scripting via 'bbd-search' Shortcode
CVSS 6.4
CVE-2024-56475
MEDIUM
IBM TXSeries for Multiplatforms <9.1, 11.1 - XSS
CVSS 5.4
CVE-2024-56341
MEDIUM
IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-45699
MEDIUM
Zabbix 6.0.0-6.0.36 - Cross-Site Scripting via backurl Parameter
CVSS 5.4
CVE-2024-12278
HIGH
Booster for WooCommerce <= 7.2.4 - Unauthenticated Stored Cross-Site Scripting via wp_kses Bypass
CVSS 7.2
CVE-2024-12189
MEDIUM
WDesignKit < 1.2.3 - Authenticated Stored Cross-Site Scripting via Custom Widgets
CVSS 6.4
CVE-2024-12021
HIGH
Coverity < 2024.9.0 - Stored Cross-Site Scripting in Administrative Interfaces
CVE-2024-55093
MEDIUM
phpipam < 1.7.3 - Reflected Cross-Site Scripting in Install Scripts
CVSS 5.4
CVE-2024-11180
MEDIUM
ElementsKit Elementor Addons < 3.4.8 - Authenticated Stored Cross-Site Scripting via Countdown Timer Widget
CVSS 6.4
CVE-2024-58130
HIGH
MISP < 2.4.193 - Cross-Site Scripting via REST Endpoint Response
CVSS 7.2
CVE-2024-58129
MEDIUM
MISP < 2.4.193 - Authenticated Stored Cross-Site Scripting via menu_custom_right_link_html Parameter
CVSS 5.5
CVE-2024-58128
MEDIUM
MISP < 2.4.193 - Authenticated Stored Cross-Site Scripting via Menu Custom Right Link
CVSS 5.5
CVE-2024-51624
HIGH
Já-Já Pagamentos for WooCommerce <1.3.0 - XSS
CVSS 7.1
CVE-2024-39311
MEDIUM
Publify < 10.0.1 - Cross-Site Scripting via Redirect Functionality
CVSS 5.4
Details
Vulnerabilities
45,295
Exploit Likelihood
High