CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,300 vulnerabilities with CWE-79
CVE-2024-57326
MEDIUM
Online Pizza Delivery System 1.0 - Reflected Cross-Site Scripting via Search Parameter
CVSS 6.1
CVE-2024-10539
MEDIUM
Uyumsoft ERP <Erp4.2109.166p45 - XSS
CVSS 5.5
CVE-2024-13422
MEDIUM
SEO Blogger to WordPress Migration <0.4.8 - XSS
CVSS 6.1
CVE-2024-13389
MEDIUM
Cliptakes <= 1.3.4 - Authenticated Stored Cross-Site Scripting via cliptakes_input_email Shortcode
CVSS 6.4
CVE-2024-13340
MEDIUM
MDTF - Meta Data and Taxonomies Filter <= 1.3.3.6 - Authenticated Stored XSS via 'mdf_results_by_ajax' Shortcode
CVSS 6.4
CVE-2024-12504
MEDIUM
Broadcast Live Video - Live Streaming < 6.1.9 - Authenticated Stored Cross-Site Scripting via videowhisper_hls Shortcode
CVSS 6.4
CVE-2024-12118
MEDIUM
The Events Calendar <= 6.9.0 - Authenticated Stored Cross-Site Scripting via Event Calendar Link Widget
CVSS 6.4
CVE-2024-12043
MEDIUM
Prime Slider - Addons for Elementor < 3.16.5 - Authenticated Stored XSS via Blog Widget
CVSS 6.4
CVE-2024-12477
MEDIUM
Avada Builder <= 3.11.11 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-56923
MEDIUM
Silverpeas 6.3.1-6.4.1 - Stored Cross-Site Scripting in My Subscriptions Categorization Option
CVSS 5.4
CVE-2024-51457
MEDIUM
IBM Robotic Process Automation for Cloud Pak 21.0.0-21.0.7.19 & 23.0.0-23.0.19 Authenticated Stored XSS
CVSS 4.4
CVE-2024-55488
MEDIUM
Umbraco CMS 14.3.1 - Authenticated Stored Cross-Site Scripting in Rich Text Display
CVSS 6.5
CVE-2024-13319
MEDIUM
Themify Builder <= 7.6.5 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-13406
MEDIUM
Google Merchant Center plugin <3.0.11 - XSS
CVSS 6.1
CVE-2024-12117
MEDIUM
Stackable Page Builder Gutenberg Blocks <= 3.13.11 - Authenticated Stored XSS via Button Block
CVSS 6.4
CVE-2024-13590
MEDIUM
Ketchup Shortcodes <= 0.1.2 - Authenticated Stored Cross-Site Scripting via Spacer Shortcode
CVSS 6.4
CVE-2024-13584
MEDIUM
Picture Gallery <= 1.5.19 - Authenticated Stored XSS via videowhisper_pictures Shortcode
CVSS 6.4
CVE-2024-45478
MEDIUM
Apache Ranger 2.4.0 - Stored Cross-Site Scripting in Edit Service Page
CVSS 4.8
CVE-2024-55958
MEDIUM
Northern.tech CFEngine Enterprise Mission Portal <3.24.0-3.21.5 - XSS
CVSS 4.8
CVE-2024-48392
MEDIUM
OrangeScrum 2.0.11 - Stored Cross-Site Scripting via User Email Input
CVSS 5.4
CVE-2024-54795
MEDIUM
SpagoBI 3.5.1 - Stored Cross-Site Scripting in Worksheet Designer Forms
CVSS 5.4
CVE-2024-56990
MEDIUM
PHPGurukul Hospital Management System 4.0 - XSS
CVSS 4.5
CVE-2024-56998
MEDIUM
PHPGurukul Hospital Management System 4.0 - XSS
CVSS 4.2
CVE-2024-56997
MEDIUM
PHPGurukul Hospital Management System 4.0 - XSS
CVSS 4.2
CVE-2024-49700
HIGH
ARPrice <= 4.1.3 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities
45,300
Exploit Likelihood
High