CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,300 vulnerabilities with CWE-79
CVE-2024-13696 HIGH
Flexible Wishlist for WooCommerce < 1.2.25 - Unauthenticated Stored Cross-Site Scripting via Wishlist Name Parameter
CVSS 7.2
CVE-2024-12749 HIGH
Competition Form < 2.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-57514 MEDIUM
TP-Link Archer A20 v3 1.0.6 Build 20231011 rel.85717(5553) - Cross-Site Scripting via Directory Listing Path
CVSS 4.8
CVE-2024-8401 MEDIUM
Schneider Electric EcoStruxure Power Monitoring Expert (PME) 2021 < 2021 CU1 - Stored XSS via Folder Name
CVSS 5.4
CVE-2024-13527 MEDIUM
Philantro - Donations and Donor Management <= 5.3 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13509 HIGH
WS Form LITE - WordPress <1.10.13 - XSS
CVSS 7.2
CVE-2024-12807 MEDIUM
Social Share Buttons for WordPress < 2.7 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-12723 MEDIUM
Infility Global < 2.9.8 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-48662 MEDIUM
AdGuard Application < 7.18.1 - Cross-Site Scripting via fontMatrix Component
CVSS 6.1
CVE-2024-57272 MEDIUM
SecuSTATION Camera <V2.5.5.3116-S50-SMA-B20160811A - XSS
CVSS 6.1
CVE-2024-55228 CRITICAL
Dolibarr 21.0.0-beta - Stored Cross-Site Scripting via Product Title Parameter
CVSS 9.0
CVE-2024-55227 CRITICAL
Dolibarr 21.0.0-beta - Stored Cross-Site Scripting in Events/Agenda Title Parameter
CVSS 9.0
CVE-2024-48417 MEDIUM
Edimax BR-6476AC Firmware 1.06 - Stored Cross-Site Scripting via Static Route and URL Filter Parameters
CVSS 5.2
CVE-2024-37527 MEDIUM
IBM OpenPages with Watson 8.3-9.0 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-11348 MEDIUM
Eura7 CMSmanager < 4.6 - Reflected Cross-Site Scripting via Return GET Parameter
CVE-2024-13116 LOW
Crelly Slider WordPress <1.4.7 - XSS
CVSS 3.8
CVE-2024-13094 HIGH
WP Triggers Lite < 2.5.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13056 HIGH
Dyn Business Panel <= 1.0.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13055 HIGH
Dyn Business Panel <= 1.0.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13052 HIGH
Dental Optimizer Patient Generator App < 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-12321 HIGH
WC Affiliate < 2.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13505 MEDIUM
Survey Maker WordPress <5.1.3.3 - XSS
CVSS 5.5
CVE-2024-12334 MEDIUM
WC Affiliate - WooCommerce Affiliate Plugin <= 2.4 - Unauthenticated Reflected Cross-Site Scripting via Any Parameter
CVSS 6.1
CVE-2024-10636 MEDIUM
Quiz Maker Business <= 8.8.0, Developer <= 21.8.0, Agency <= 31.8.0 - Unauthenticated XSS via Content Parameter
CVSS 6.1
CVE-2024-35145 MEDIUM
IBM Maximo Application Suite 9.0.0 - Unauthenticated Stored Cross-Site Scripting in Monitor Component
CVSS 6.1
Details
Vulnerabilities 45,300
Exploit Likelihood High