CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,298 vulnerabilities with CWE-79
CVE-2024-13352 HIGH
Legull < 1.2.2 - Reflected Cross-Site Scripting via Unsanitized Parameter
CVSS 7.1
CVE-2024-48589 MEDIUM
phpABook 0.9 - Cross-Site Scripting via rol Parameter
CVSS 6.3
CVE-2024-52892 MEDIUM
IBM Jazz for Service Management 1.1.3-1.1.3.23 - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-57599 MEDIUM
DouPHP 1.8 Release 20231203 - Cross-Site Scripting via Description Parameter in Article Admin Page
CVSS 4.8
CVE-2024-57428 CRITICAL
PHPJabbers Cinema Booking System v2.0 - Stored Cross-Site Scripting via File Upload and Seat Configuration Fields
CVSS 9.3
CVE-2024-57427 MEDIUM
PHPJabbers Cinema Booking System 2.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-39272 CRITICAL
ClearML Enterprise Server 3.22.5-1533 - Cross-Site Scripting in Dataset Upload Functionality
CVSS 9.0
CVE-2024-49793 MEDIUM
IBM ApplinX 11.1 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-49792 MEDIUM
IBM ApplinX 11.1 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-49791 MEDIUM
IBM ApplinX 11.1 - Authenticated Stored Cross-Site Scripting
CVSS 6.4
CVE-2024-56472 MEDIUM
IBM Aspera Shares <1.10.0 PL6 - XSS
CVSS 6.4
CVE-2024-38318 MEDIUM
IBM Aspera Shares <1.9.0-1.10.0 PL6 - XSS
CVSS 4.8
CVE-2024-38317 MEDIUM
IBM Aspera Shares <1.10.0 PL6 - XSS
CVSS 4.8
CVE-2024-54853 MEDIUM
Skybox Change Manager <13.2.170 - XSS
CVSS 5.4
CVE-2024-52365 MEDIUM
IBM Cloud Pak for Business Automation <22.0.2 - XSS
CVSS 6.4
CVE-2024-52364 MEDIUM
IBM Cloud Pak for Business Automation <22.0.2 - XSS
CVSS 5.4
CVE-2024-53966 MEDIUM
Adobe Experience Manager <6.5.21 - XSS
CVSS 5.4
CVE-2024-53965 MEDIUM
Adobe Experience Manager <6.5.21 - XSS
CVSS 5.4
CVE-2024-53964 MEDIUM
Adobe Experience Manager <6.5.21 - XSS
CVSS 5.4
CVE-2024-53963 MEDIUM
Adobe Experience Manager <6.5.21 - XSS
CVSS 5.4
CVE-2024-53962 MEDIUM
Adobe Experience Manager <6.5.21 - XSS
CVSS 5.4
CVE-2024-53266 MEDIUM
Discourse - Cross-Site Scripting in User Profile Activity Streams
CVSS 4.3
CVE-2024-13722 MEDIUM
NagVis 1.9.40-1.9.41 and Checkmk 2.3.0p2-2.3.0p9 - Reflected Cross-Site Scripting
CVSS 5.4
CVE-2024-56328 MEDIUM
Discourse - Stored Cross-Site Scripting via Malicious Onebox URL
CVSS 6.5
CVE-2024-40700 MEDIUM
IBM Security Verify Access Appliance and Container <10.0.9 - XSS
CVSS 6.1
Details
Vulnerabilities 45,298
Exploit Likelihood High