CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,295 vulnerabilities with CWE-79
CVE-2024-11441 MEDIUM
serge-chat/serge - Stored Cross-Site Scripting in Chat Prompt
CVSS 6.1
CVE-2024-10727 MEDIUM
phpipam 1.5.0-1.6.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-10725 MEDIUM
phpipam < 1.7.0 - Stored Cross-Site Scripting via NAT Destination Address
CVSS 5.4
CVE-2024-10724 MEDIUM
phpipam < 1.7.0 - Stored Cross-Site Scripting in Subnet NAT Destination Address
CVSS 5.4
CVE-2024-10723 MEDIUM
phpipam < 1.7.0 - Stored Cross-Site Scripting via NAT Tool Destination Address Field
CVSS 5.4
CVE-2024-10722 MEDIUM
phpipam < 1.7.0 - Stored Cross-Site Scripting via Custom Field Description
CVSS 5.4
CVE-2024-10721 MEDIUM
phpipam 1.5.2 - Stored Cross-Site Scripting in Circuits Options Page
CVSS 5.4
CVE-2024-10720 MEDIUM
phpipam < 1.7.0 - Stored Cross-Site Scripting in Device Management Name and Description Fields
CVSS 6.1
CVE-2024-10719 MEDIUM
phpipam < 1.7.0 - Stored Cross-Site Scripting via Circuits Option Parameter
CVSS 5.4
CVE-2024-0640 MEDIUM
chatwoot 3.0.0-3.5.1 - Stored Cross-Site Scripting via Dashboard App Settings
CVSS 4.8
CVE-2024-13881 HIGH
Gunnettmd Linkmyposts - XSS
CVSS 7.1
CVE-2024-13880 HIGH
My Quota WordPress Plugin < 1.0.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13878 HIGH
SpotBot WordPress Plugin < 0.1.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13877 HIGH
Passbeemedia Web Push Notification <= 1.0.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13876 HIGH
mEintopf < 0.2.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13875 HIGH
WP-PManager < 1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-55009 MEDIUM
AutoBib < 3.1.140 - Reflected Cross-Site Scripting via WCE Parameter
CVSS 6.1
CVE-2024-53970 MEDIUM
Adobe Experience Manager <6.5.21 - XSS
CVSS 5.4
CVE-2024-53969 MEDIUM
Adobe Experience Manager <6.5.21 - XSS
CVSS 5.4
CVE-2024-53968 MEDIUM
Adobe Experience Manager <6.5.21 - XSS
CVSS 5.4
CVE-2024-53967 MEDIUM
Adobe Experience Manager <6.5.21 - XSS
CVSS 5.4
CVE-2024-13602 MEDIUM
Poll Maker < 5.5.4 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-13497 HIGH
Tripetto WordPress Plugin < 8.0.9 - Unauthenticated Stored Cross-Site Scripting via Attachment Uploads
CVSS 7.2
CVE-2024-12020 MEDIUM
LogicalDOC Enterprise - Unauthenticated Reflected Cross-Site Scripting in JSP Files
CVSS 6.1
CVE-2024-26006 HIGH
FortiOS 6.4.0-7.4.3 and FortiProxy 7.0.0-7.4.3 - Unauthenticated Cross-Site Scripting via Malicious Samba Server
CVSS 7.5
Details
Vulnerabilities 45,295
Exploit Likelihood High