CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,295 vulnerabilities with CWE-79
CVE-2024-55279 MEDIUM
uguu < 1.8.9 - Cross-Site Scripting via JavaScript in XML Files
CVSS 6.0
CVE-2024-13124 LOW
The Photo Gallery by 10Web WordPress plugin <1.8.33 - XSS
CVSS 3.5
CVE-2024-10558 LOW
10Web Form Maker < 1.15.30 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 3.5
CVE-2024-13739 MEDIUM
Newsletters <= 4.9.9.7 - Unauthenticated Reflected Cross-Site Scripting via 'to' Parameter
CVSS 6.1
CVE-2024-50053 MEDIUM
Zohocorp ManageEngine <14920- SupportCentre Plus <14910 - XSS
CVSS 6.3
CVE-2024-48591 MEDIUM
Inflectra SpiraTeam 7.2.00 - Stored Cross-Site Scripting via SVG File Upload
CVSS 6.1
CVE-2024-9900 MEDIUM
mudler/localai < 2.22.0 - Cross-Site Scripting in Search Functionality
CVSS 6.1
CVE-2024-9699 MEDIUM
FlatPress < 1.4 - Stored Cross-Site Scripting via File Upload Filename
CVSS 5.4
CVE-2024-9107 MEDIUM
gaizhenbiao/chuanhuchatgpt 20b2e02 - Stored Cross-Site Scripting via Chat History Upload
CVSS 5.4
CVE-2024-8556 MEDIUM
modelscope/agentscope - Stored Cross-Site Scripting in Run Information View
CVSS 6.1
CVE-2024-8400 MEDIUM
gaizhenbiao/chuanhuchatgpt < 20240410 - Stored Cross-Site Scripting via Malicious HTML File Upload
CVSS 5.4
CVE-2024-8101 MEDIUM
aimstack aim 3.23.0 - Stored Cross-Site Scripting in Text Explorer via dangerouslySetInnerHTML
CVSS 6.1
CVE-2024-8029 MEDIUM
privategpt v0.5.0 - Stored Cross-Site Scripting via SVG File Upload
CVSS 6.1
CVE-2024-8027 MEDIUM
netease-youdao QAnything - Stored Cross-Site Scripting via Malicious Knowledge File Upload
CVSS 6.1
CVE-2024-8017 CRITICAL
open-webui/open-webui <= 0.3.8 - Stored Cross-Site Scripting in Tooltip HTML Construction
CVSS 9.0
CVE-2024-7990 HIGH
open-webui 0.3.8 - Stored Cross-Site Scripting via Model Description Field
CVSS 8.4
CVE-2024-7053 CRITICAL
open-webui 0.3.8 - Authenticated Session Fixation and Remote Code Execution via Malicious Markdown Image
CVSS 9.0
CVE-2024-7044 HIGH
open-webui 0.3.8 - Stored Cross-Site Scripting via Chat File Upload
CVSS 8.9
CVE-2024-6986 MEDIUM
lollms_web_ui 9.8 - Stored Cross-Site Scripting via System Template Input Field
CVSS 5.4
CVE-2024-4023 HIGH
flatpress 1.3 - Stored Cross-Site Scripting via .xsig File Upload
CVSS 8.1
CVE-2024-12871 MEDIUM
Ragflow 0.12.0 - Stored Cross-Site Scripting via Malicious PDF Upload
CVSS 5.4
CVE-2024-12870 MEDIUM
infiniflow/ragflow < latest - Unauthenticated Stored Cross-Site Scripting via HTML/XML File Upload
CVSS 5.4
CVE-2024-12374 MEDIUM
automatic1111/stable-diffusion-webui - Stored Cross-Site Scripting via HTML File Upload
CVSS 6.1
CVE-2024-11850 MEDIUM
langgenius/dify - Stored Cross-Site Scripting via SVG Markdown in Chatbot Feature
CVSS 5.4
CVE-2024-11824 HIGH
langgenius/dify < 0.12.1 - Stored Cross-Site Scripting in Chat Log via HTML Tag Injection
CVSS 7.6
Details
Vulnerabilities 45,295
Exploit Likelihood High