CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,300 vulnerabilities with CWE-79
CVE-2024-13366 MEDIUM
Sandbox < 0.4 - Unauthenticated Reflected Cross-Site Scripting via Debug Parameter
CVSS 6.1
CVE-2024-12598 MEDIUM
MyBookProgress by Stormhill Media <1.0.8 - XSS
CVSS 6.4
CVE-2024-12508 MEDIUM
Glofox Shortcodes <= 2.6 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-12466 MEDIUM
WordPress Proofreading <1.2.1.1 - XSS
CVSS 6.1
CVE-2024-12203 MEDIUM
WordPress RSS Icon Widget <5.2 - XSS
CVSS 4.4
CVE-2024-13434 MEDIUM
WP Inventory Manager <= 2.3.2 - Unauthenticated Reflected Cross-Site Scripting via Message Parameter
CVSS 6.1
CVE-2024-13401 MEDIUM
WordPress PayPal plugin <1.2.3.35 - XSS
CVSS 6.4
CVE-2024-13398 MEDIUM
Checkout for PayPal <= 1.0.32 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-56144 MEDIUM
librenms < 24.12.0 - Stored Cross-Site Scripting via Device Display Parameter
CVSS 4.6
CVE-2024-57776 MEDIUM
JFinalOA < 2025.01.01 - Cross-Site Scripting via /apply/getEditPage?view Interface
CVSS 4.6
CVE-2024-57774 MEDIUM
JFinalOA < 2025.01.01 - Cross-Site Scripting via getBusinessUploadListPage Interface
CVSS 4.8
CVE-2024-57773 MEDIUM
JFinalOA < 2025.01.01 - Cross-Site Scripting via openSelectManyUserPage Interface
CVSS 4.8
CVE-2024-57772 MEDIUM
JFinalOA < 2025.01.01 - Cross-Site Scripting via /bumph/getDraftListPage
CVSS 4.8
CVE-2024-57771 MEDIUM
JFinalOA < 2025.01.01 - Cross-Site Scripting via common/getEditPage?view Interface
CVSS 4.8
CVE-2024-41746 HIGH
IBM CICS TX Advanced 10.1, 11.1 and Standard 11.1 - Stored Cross-Site Scripting
CVSS 7.2
CVE-2024-13387 MEDIUM
WP Responsive Tabs <= 1.2.9 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11452 MEDIUM
Chamber Dashboard Business Directory <3.3.8 - XSS
CVSS 6.4
CVE-2024-41453 MEDIUM
Process Maker pm4core-docker <4.1.21-RC7 - XSS
CVSS 4.8
CVE-2024-54540 MEDIUM
Apple Music < 1.5.0.152 - Cross-Site Scripting
CVSS 4.3
CVE-2024-7085 HIGH
OpenText Solutions Business Manager (SBM) <= 12.2.1 - Stored Cross-Site Scripting
CVE-2024-47140 HIGH
Observium CE 24.4.13528 - Authenticated Stored Cross-Site Scripting in add_alert_check Page
CVSS 8.7
CVE-2024-47002 HIGH
Observium CE 24.4.13528 - Authenticated HTML Injection in VLAN Management
CVSS 8.7
CVE-2024-45061 HIGH
Observium CE 24.4.13528 - Authenticated Stored Cross-Site Scripting in Weather Map Editor
CVSS 8.7
CVE-2024-12593 MEDIUM
WPForms + Drag and Drop Template Builder <4.6.0 - XSS
CVSS 6.4
CVE-2024-35280 MEDIUM
Fortinet FortiDeceptor 3.0-5.3.0 - Reflected Cross-Site Scripting in Recovery Endpoints
CVSS 5.4
Details
Vulnerabilities 45,300
Exploit Likelihood High