CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,295 vulnerabilities with CWE-79
CVE-2024-13597 MEDIUM
SoftCOM iKSORIS < 79.0 - Reflected Cross-Site Scripting via Login Panel Form
CVE-2024-10090 MEDIUM
SoftCOM iKSORIS < 79.0 - Reflected Cross-Site Scripting via User Addition Form
CVSS 6.1
CVE-2024-10089 MEDIUM
SoftCOM iKSORIS < 79.0 - Stored Cross-Site Scripting via User Data Form
CVSS 5.4
CVE-2024-10088 MEDIUM
SoftCOM iKSORIS < 79.0 - Reflected Cross-Site Scripting via Login Form
CVSS 6.1
CVE-2024-10087 MEDIUM
SoftCOM iKSORIS < 79.0 - Reflected Cross-Site Scripting via Malicious Link
CVSS 5.4
CVE-2024-9230 MEDIUM
PowerPress Podcasting plugin < 11.9.18 - Authenticated Stored Cross-Site Scripting in Podcast Settings
CVSS 5.9
CVE-2024-13874 HIGH
Feedify web_push_notifications < 2.4.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-10894 MEDIUM
Payment Forms for Paystack <= 4.0.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-46494 MEDIUM
Typecho 1.2.1 - Stored Cross-Site Scripting via Comment Name Parameter
CVSS 5.4
CVE-2024-13898 MEDIUM
Simple Banner < 3.0.4 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2024-9416 MEDIUM
Modula Image Gallery < 2.10.2 - Authenticated Stored Cross-Site Scripting via FancyBox Library
CVSS 6.4
CVE-2024-13673 MEDIUM
Big Boom Directory <= 2.5.0 - Authenticated Stored Cross-Site Scripting via 'bbd-search' Shortcode
CVSS 6.4
CVE-2024-56475 MEDIUM
IBM TXSeries for Multiplatforms <9.1, 11.1 - XSS
CVSS 5.4
CVE-2024-56341 MEDIUM
IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-45699 MEDIUM
Zabbix 6.0.0-6.0.36 - Cross-Site Scripting via backurl Parameter
CVSS 5.4
CVE-2024-12278 HIGH
Booster for WooCommerce <= 7.2.4 - Unauthenticated Stored Cross-Site Scripting via wp_kses Bypass
CVSS 7.2
CVE-2024-12189 MEDIUM
WDesignKit < 1.2.3 - Authenticated Stored Cross-Site Scripting via Custom Widgets
CVSS 6.4
CVE-2024-12021 HIGH
Coverity < 2024.9.0 - Stored Cross-Site Scripting in Administrative Interfaces
CVE-2024-55093 MEDIUM
phpipam < 1.7.3 - Reflected Cross-Site Scripting in Install Scripts
CVSS 5.4
CVE-2024-11180 MEDIUM
ElementsKit Elementor Addons < 3.4.8 - Authenticated Stored Cross-Site Scripting via Countdown Timer Widget
CVSS 6.4
CVE-2024-58130 HIGH
MISP < 2.4.193 - Cross-Site Scripting via REST Endpoint Response
CVSS 7.2
CVE-2024-58129 MEDIUM
MISP < 2.4.193 - Authenticated Stored Cross-Site Scripting via menu_custom_right_link_html Parameter
CVSS 5.5
CVE-2024-58128 MEDIUM
MISP < 2.4.193 - Authenticated Stored Cross-Site Scripting via Menu Custom Right Link
CVSS 5.5
CVE-2024-51624 HIGH
Já-Já Pagamentos for WooCommerce <1.3.0 - XSS
CVSS 7.1
CVE-2024-39311 MEDIUM
Publify < 10.0.1 - Cross-Site Scripting via Redirect Functionality
CVSS 5.4
Details
Vulnerabilities 45,295
Exploit Likelihood High