CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,295 vulnerabilities with CWE-79
CVE-2024-55060
MEDIUM
Rafed CMS Website 1.44 - Cross-Site Scripting via index.php
CVSS 6.1
CVE-2024-57348
MEDIUM
PecanProject pecan < 1.8.0 - Cross-Site Scripting via Hostname, Sitegroupid, Lat, Lon, and Sitename Parameters
CVSS 6.1
CVE-2024-28803
MEDIUM
Italtel i-MCS NFV 12.1.0-20211215 - Unauthenticated Cross-Site Scripting via HTTP POST Parameter
CVSS 6.1
CVE-2024-22880
MEDIUM
Zadarma Zadarma extension <1.0.11 - XSS
CVSS 4.7
CVE-2024-13891
HIGH
Schedule WordPress Plugin <= 1.0.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13885
HIGH
WP e-Customers Beta <= 0.0.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13884
HIGH
Limit Bio WordPress plugin through 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-12589
MEDIUM
Finale Lite <= 2.19.0 - Authenticated Stored DOM XSS via Countdown Timer
CVSS 6.4
CVE-2024-56338
MEDIUM
IBM Sterling B2B Integrator 6.0.0.0-6.1.2.6 and 6.2.0.0-6.2.0.3 - Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-51322
MEDIUM
Zucchetti Ad Hoc Infinity 2.4 - Authenticated Remote Code Execution via Multiple JSP and Servlet Components
CVSS 5.4
CVE-2024-51320
MEDIUM
Zucchetti Ad Hoc Infinity 2.4 - Authenticated RCE via Servlets
CVSS 5.4
CVE-2024-13864
HIGH
Countdown Timer WordPress plugin 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13862
HIGH
S3Bubble Media Streaming < 8.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13853
MEDIUM
SEO Tools WordPress Plugin < 4.0.7 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13836
HIGH
WP Login Control < 2.0.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13615
LOW
Social Snap < 1.4 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 3.5
CVE-2024-13574
HIGH
XV Random Quotes < 1.40 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13413
MEDIUM
ProductDyno <= 1.0.24 - Unauthenticated Reflected Cross-Site Scripting via 'res' Parameter
CVSS 6.1
CVE-2024-55199
MEDIUM
Celk Saude 3.1.252.1 - Stored Cross-Site Scripting via PDF File Upload
CVSS 5.4
CVE-2024-53307
MEDIUM
Evisions MAPS < 6.10.2.2678 - Reflected Cross-Site Scripting via /mw/ Endpoint
CVSS 5.4
CVE-2024-52812
MEDIUM
LF Edge eKuiper < 2.0.8 - Stored Cross-Site Scripting via Rule ID Parameter
CVSS 5.4
CVE-2024-13919
HIGH
Laravel Framework 11.9.0-11.35.1 - Reflected Cross-Site Scripting via Debug-Mode Error Page Route Parameter
CVSS 8.0
CVE-2024-13918
HIGH
Laravel Framework 11.9.0-11.35.1 - Reflected Cross-Site Scripting via Debug-Mode Error Page
CVSS 8.0
CVE-2024-13675
MEDIUM
SlingBlocks - Gutenberg Blocks by FunnelKit < 1.5.0 - Authenticated Stored Cross-Site Scripting via Icon List Block
CVSS 6.4
CVE-2024-13649
MEDIUM
Xpro Addons for Elementor < 1.4.6.7 - Authenticated Stored Cross-Site Scripting via Widget Input
CVSS 6.4
Details
Vulnerabilities
45,295
Exploit Likelihood
High