CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,295 vulnerabilities with CWE-79
CVE-2024-55279
MEDIUM
uguu < 1.8.9 - Cross-Site Scripting via JavaScript in XML Files
CVSS 6.0
CVE-2024-13124
LOW
The Photo Gallery by 10Web WordPress plugin <1.8.33 - XSS
CVSS 3.5
CVE-2024-10558
LOW
10Web Form Maker < 1.15.30 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 3.5
CVE-2024-13739
MEDIUM
Newsletters <= 4.9.9.7 - Unauthenticated Reflected Cross-Site Scripting via 'to' Parameter
CVSS 6.1
CVE-2024-50053
MEDIUM
Zohocorp ManageEngine <14920- SupportCentre Plus <14910 - XSS
CVSS 6.3
CVE-2024-48591
MEDIUM
Inflectra SpiraTeam 7.2.00 - Stored Cross-Site Scripting via SVG File Upload
CVSS 6.1
CVE-2024-9900
MEDIUM
mudler/localai < 2.22.0 - Cross-Site Scripting in Search Functionality
CVSS 6.1
CVE-2024-9699
MEDIUM
FlatPress < 1.4 - Stored Cross-Site Scripting via File Upload Filename
CVSS 5.4
CVE-2024-9107
MEDIUM
gaizhenbiao/chuanhuchatgpt 20b2e02 - Stored Cross-Site Scripting via Chat History Upload
CVSS 5.4
CVE-2024-8556
MEDIUM
modelscope/agentscope - Stored Cross-Site Scripting in Run Information View
CVSS 6.1
CVE-2024-8400
MEDIUM
gaizhenbiao/chuanhuchatgpt < 20240410 - Stored Cross-Site Scripting via Malicious HTML File Upload
CVSS 5.4
CVE-2024-8101
MEDIUM
aimstack aim 3.23.0 - Stored Cross-Site Scripting in Text Explorer via dangerouslySetInnerHTML
CVSS 6.1
CVE-2024-8029
MEDIUM
privategpt v0.5.0 - Stored Cross-Site Scripting via SVG File Upload
CVSS 6.1
CVE-2024-8027
MEDIUM
netease-youdao QAnything - Stored Cross-Site Scripting via Malicious Knowledge File Upload
CVSS 6.1
CVE-2024-8017
CRITICAL
open-webui/open-webui <= 0.3.8 - Stored Cross-Site Scripting in Tooltip HTML Construction
CVSS 9.0
CVE-2024-7990
HIGH
open-webui 0.3.8 - Stored Cross-Site Scripting via Model Description Field
CVSS 8.4
CVE-2024-7053
CRITICAL
open-webui 0.3.8 - Authenticated Session Fixation and Remote Code Execution via Malicious Markdown Image
CVSS 9.0
CVE-2024-7044
HIGH
open-webui 0.3.8 - Stored Cross-Site Scripting via Chat File Upload
CVSS 8.9
CVE-2024-6986
MEDIUM
lollms_web_ui 9.8 - Stored Cross-Site Scripting via System Template Input Field
CVSS 5.4
CVE-2024-4023
HIGH
flatpress 1.3 - Stored Cross-Site Scripting via .xsig File Upload
CVSS 8.1
CVE-2024-12871
MEDIUM
Ragflow 0.12.0 - Stored Cross-Site Scripting via Malicious PDF Upload
CVSS 5.4
CVE-2024-12870
MEDIUM
infiniflow/ragflow < latest - Unauthenticated Stored Cross-Site Scripting via HTML/XML File Upload
CVSS 5.4
CVE-2024-12374
MEDIUM
automatic1111/stable-diffusion-webui - Stored Cross-Site Scripting via HTML File Upload
CVSS 6.1
CVE-2024-11850
MEDIUM
langgenius/dify - Stored Cross-Site Scripting via SVG Markdown in Chatbot Feature
CVSS 5.4
CVE-2024-11824
HIGH
langgenius/dify < 0.12.1 - Stored Cross-Site Scripting in Chat Log via HTML Tag Injection
CVSS 7.6
Details
Vulnerabilities
45,295
Exploit Likelihood
High