CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,295 vulnerabilities with CWE-79
CVE-2024-11441
MEDIUM
serge-chat/serge - Stored Cross-Site Scripting in Chat Prompt
CVSS 6.1
CVE-2024-10727
MEDIUM
phpipam 1.5.0-1.6.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-10725
MEDIUM
phpipam < 1.7.0 - Stored Cross-Site Scripting via NAT Destination Address
CVSS 5.4
CVE-2024-10724
MEDIUM
phpipam < 1.7.0 - Stored Cross-Site Scripting in Subnet NAT Destination Address
CVSS 5.4
CVE-2024-10723
MEDIUM
phpipam < 1.7.0 - Stored Cross-Site Scripting via NAT Tool Destination Address Field
CVSS 5.4
CVE-2024-10722
MEDIUM
phpipam < 1.7.0 - Stored Cross-Site Scripting via Custom Field Description
CVSS 5.4
CVE-2024-10721
MEDIUM
phpipam 1.5.2 - Stored Cross-Site Scripting in Circuits Options Page
CVSS 5.4
CVE-2024-10720
MEDIUM
phpipam < 1.7.0 - Stored Cross-Site Scripting in Device Management Name and Description Fields
CVSS 6.1
CVE-2024-10719
MEDIUM
phpipam < 1.7.0 - Stored Cross-Site Scripting via Circuits Option Parameter
CVSS 5.4
CVE-2024-0640
MEDIUM
chatwoot 3.0.0-3.5.1 - Stored Cross-Site Scripting via Dashboard App Settings
CVSS 4.8
CVE-2024-13881
HIGH
Gunnettmd Linkmyposts - XSS
CVSS 7.1
CVE-2024-13880
HIGH
My Quota WordPress Plugin < 1.0.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13878
HIGH
SpotBot WordPress Plugin < 0.1.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13877
HIGH
Passbeemedia Web Push Notification <= 1.0.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13876
HIGH
mEintopf < 0.2.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13875
HIGH
WP-PManager < 1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-55009
MEDIUM
AutoBib < 3.1.140 - Reflected Cross-Site Scripting via WCE Parameter
CVSS 6.1
CVE-2024-53970
MEDIUM
Adobe Experience Manager <6.5.21 - XSS
CVSS 5.4
CVE-2024-53969
MEDIUM
Adobe Experience Manager <6.5.21 - XSS
CVSS 5.4
CVE-2024-53968
MEDIUM
Adobe Experience Manager <6.5.21 - XSS
CVSS 5.4
CVE-2024-53967
MEDIUM
Adobe Experience Manager <6.5.21 - XSS
CVSS 5.4
CVE-2024-13602
MEDIUM
Poll Maker < 5.5.4 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-13497
HIGH
Tripetto WordPress Plugin < 8.0.9 - Unauthenticated Stored Cross-Site Scripting via Attachment Uploads
CVSS 7.2
CVE-2024-12020
MEDIUM
LogicalDOC Enterprise - Unauthenticated Reflected Cross-Site Scripting in JSP Files
CVSS 6.1
CVE-2024-26006
HIGH
FortiOS 6.4.0-7.4.3 and FortiProxy 7.0.0-7.4.3 - Unauthenticated Cross-Site Scripting via Malicious Samba Server
CVSS 7.5
Details
Vulnerabilities
45,295
Exploit Likelihood
High