CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,300 vulnerabilities with CWE-79
CVE-2024-57326 MEDIUM
Online Pizza Delivery System 1.0 - Reflected Cross-Site Scripting via Search Parameter
CVSS 6.1
CVE-2024-10539 MEDIUM
Uyumsoft ERP <Erp4.2109.166p45 - XSS
CVSS 5.5
CVE-2024-13422 MEDIUM
SEO Blogger to WordPress Migration <0.4.8 - XSS
CVSS 6.1
CVE-2024-13389 MEDIUM
Cliptakes <= 1.3.4 - Authenticated Stored Cross-Site Scripting via cliptakes_input_email Shortcode
CVSS 6.4
CVE-2024-13340 MEDIUM
MDTF - Meta Data and Taxonomies Filter <= 1.3.3.6 - Authenticated Stored XSS via 'mdf_results_by_ajax' Shortcode
CVSS 6.4
CVE-2024-12504 MEDIUM
Broadcast Live Video - Live Streaming < 6.1.9 - Authenticated Stored Cross-Site Scripting via videowhisper_hls Shortcode
CVSS 6.4
CVE-2024-12118 MEDIUM
The Events Calendar <= 6.9.0 - Authenticated Stored Cross-Site Scripting via Event Calendar Link Widget
CVSS 6.4
CVE-2024-12043 MEDIUM
Prime Slider - Addons for Elementor < 3.16.5 - Authenticated Stored XSS via Blog Widget
CVSS 6.4
CVE-2024-12477 MEDIUM
Avada Builder <= 3.11.11 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-56923 MEDIUM
Silverpeas 6.3.1-6.4.1 - Stored Cross-Site Scripting in My Subscriptions Categorization Option
CVSS 5.4
CVE-2024-51457 MEDIUM
IBM Robotic Process Automation for Cloud Pak 21.0.0-21.0.7.19 & 23.0.0-23.0.19 Authenticated Stored XSS
CVSS 4.4
CVE-2024-55488 MEDIUM
Umbraco CMS 14.3.1 - Authenticated Stored Cross-Site Scripting in Rich Text Display
CVSS 6.5
CVE-2024-13319 MEDIUM
Themify Builder <= 7.6.5 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-13406 MEDIUM
Google Merchant Center plugin <3.0.11 - XSS
CVSS 6.1
CVE-2024-12117 MEDIUM
Stackable Page Builder Gutenberg Blocks <= 3.13.11 - Authenticated Stored XSS via Button Block
CVSS 6.4
CVE-2024-13590 MEDIUM
Ketchup Shortcodes <= 0.1.2 - Authenticated Stored Cross-Site Scripting via Spacer Shortcode
CVSS 6.4
CVE-2024-13584 MEDIUM
Picture Gallery <= 1.5.19 - Authenticated Stored XSS via videowhisper_pictures Shortcode
CVSS 6.4
CVE-2024-45478 MEDIUM
Apache Ranger 2.4.0 - Stored Cross-Site Scripting in Edit Service Page
CVSS 4.8
CVE-2024-55958 MEDIUM
Northern.tech CFEngine Enterprise Mission Portal <3.24.0-3.21.5 - XSS
CVSS 4.8
CVE-2024-48392 MEDIUM
OrangeScrum 2.0.11 - Stored Cross-Site Scripting via User Email Input
CVSS 5.4
CVE-2024-54795 MEDIUM
SpagoBI 3.5.1 - Stored Cross-Site Scripting in Worksheet Designer Forms
CVSS 5.4
CVE-2024-56990 MEDIUM
PHPGurukul Hospital Management System 4.0 - XSS
CVSS 4.5
CVE-2024-56998 MEDIUM
PHPGurukul Hospital Management System 4.0 - XSS
CVSS 4.2
CVE-2024-56997 MEDIUM
PHPGurukul Hospital Management System 4.0 - XSS
CVSS 4.2
CVE-2024-49700 HIGH
ARPrice <= 4.1.3 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities 45,300
Exploit Likelihood High