CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,297 vulnerabilities with CWE-79
CVE-2024-51963 MEDIUM
ArcGIS Server 10.9.1-11.3 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-51960 MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-51959 MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-51957 MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-51956 MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-51953 MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-51952 MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-51951 MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-51950 MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-51949 MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-51948 MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-51947 MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-51946 MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-51945 MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-51944 MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-51942 MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-10904 MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-53384 MEDIUM
tsup 8.3.4 - Remote Code Execution via DOM Clobbering in cjs_shims.js
CVSS 5.1
CVE-2024-51091 MEDIUM
seajs 2.2.3 - Cross-Site Scripting via seajs Package
CVSS 5.4
CVE-2024-57240 MEDIUM
Apryse WebViewer < 11.1 - Cross-Site Scripting via Crafted PDF File
CVSS 5.4
CVE-2024-53388 HIGH
mavo v0.3.2 - DOM Clobbering
CVSS 8.8
CVE-2024-53387 HIGH
umeditor 1.2.3 - DOM Clobbering
CVSS 8.8
CVE-2024-54179 MEDIUM
IBM Business Automation Workflow <24.0.2 - XSS
CVSS 5.4
CVE-2024-8186 MEDIUM
GitLab 16.6-17.7.5, 17.8-17.8.3, 17.9 - Cross-Site Scripting via Child Item Search
CVSS 5.4
CVE-2024-53386 MEDIUM
stage.js < 0.8.10 - DOM Clobbering and Cross-Site Scripting via document.currentScript Shadowing
CVSS 4.9
Details
Vulnerabilities 45,297
Exploit Likelihood High