CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,295 vulnerabilities with CWE-79
CVE-2024-55060 MEDIUM
Rafed CMS Website 1.44 - Cross-Site Scripting via index.php
CVSS 6.1
CVE-2024-57348 MEDIUM
PecanProject pecan < 1.8.0 - Cross-Site Scripting via Hostname, Sitegroupid, Lat, Lon, and Sitename Parameters
CVSS 6.1
CVE-2024-28803 MEDIUM
Italtel i-MCS NFV 12.1.0-20211215 - Unauthenticated Cross-Site Scripting via HTTP POST Parameter
CVSS 6.1
CVE-2024-22880 MEDIUM
Zadarma Zadarma extension <1.0.11 - XSS
CVSS 4.7
CVE-2024-13891 HIGH
Schedule WordPress Plugin <= 1.0.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13885 HIGH
WP e-Customers Beta <= 0.0.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13884 HIGH
Limit Bio WordPress plugin through 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-12589 MEDIUM
Finale Lite <= 2.19.0 - Authenticated Stored DOM XSS via Countdown Timer
CVSS 6.4
CVE-2024-56338 MEDIUM
IBM Sterling B2B Integrator 6.0.0.0-6.1.2.6 and 6.2.0.0-6.2.0.3 - Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-51322 MEDIUM
Zucchetti Ad Hoc Infinity 2.4 - Authenticated Remote Code Execution via Multiple JSP and Servlet Components
CVSS 5.4
CVE-2024-51320 MEDIUM
Zucchetti Ad Hoc Infinity 2.4 - Authenticated RCE via Servlets
CVSS 5.4
CVE-2024-13864 HIGH
Countdown Timer WordPress plugin 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13862 HIGH
S3Bubble Media Streaming < 8.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13853 MEDIUM
SEO Tools WordPress Plugin < 4.0.7 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13836 HIGH
WP Login Control < 2.0.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13615 LOW
Social Snap < 1.4 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 3.5
CVE-2024-13574 HIGH
XV Random Quotes < 1.40 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13413 MEDIUM
ProductDyno <= 1.0.24 - Unauthenticated Reflected Cross-Site Scripting via 'res' Parameter
CVSS 6.1
CVE-2024-55199 MEDIUM
Celk Saude 3.1.252.1 - Stored Cross-Site Scripting via PDF File Upload
CVSS 5.4
CVE-2024-53307 MEDIUM
Evisions MAPS < 6.10.2.2678 - Reflected Cross-Site Scripting via /mw/ Endpoint
CVSS 5.4
CVE-2024-52812 MEDIUM
LF Edge eKuiper < 2.0.8 - Stored Cross-Site Scripting via Rule ID Parameter
CVSS 5.4
CVE-2024-13919 HIGH
Laravel Framework 11.9.0-11.35.1 - Reflected Cross-Site Scripting via Debug-Mode Error Page Route Parameter
CVSS 8.0
CVE-2024-13918 HIGH
Laravel Framework 11.9.0-11.35.1 - Reflected Cross-Site Scripting via Debug-Mode Error Page
CVSS 8.0
CVE-2024-13675 MEDIUM
SlingBlocks - Gutenberg Blocks by FunnelKit < 1.5.0 - Authenticated Stored Cross-Site Scripting via Icon List Block
CVSS 6.4
CVE-2024-13649 MEDIUM
Xpro Addons for Elementor < 1.4.6.7 - Authenticated Stored Cross-Site Scripting via Widget Input
CVSS 6.4
Details
Vulnerabilities 45,295
Exploit Likelihood High