CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,300 vulnerabilities with CWE-79
CVE-2024-13366
MEDIUM
Sandbox < 0.4 - Unauthenticated Reflected Cross-Site Scripting via Debug Parameter
CVSS 6.1
CVE-2024-12598
MEDIUM
MyBookProgress by Stormhill Media <1.0.8 - XSS
CVSS 6.4
CVE-2024-12508
MEDIUM
Glofox Shortcodes <= 2.6 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-12466
MEDIUM
WordPress Proofreading <1.2.1.1 - XSS
CVSS 6.1
CVE-2024-12203
MEDIUM
WordPress RSS Icon Widget <5.2 - XSS
CVSS 4.4
CVE-2024-13434
MEDIUM
WP Inventory Manager <= 2.3.2 - Unauthenticated Reflected Cross-Site Scripting via Message Parameter
CVSS 6.1
CVE-2024-13401
MEDIUM
WordPress PayPal plugin <1.2.3.35 - XSS
CVSS 6.4
CVE-2024-13398
MEDIUM
Checkout for PayPal <= 1.0.32 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-56144
MEDIUM
librenms < 24.12.0 - Stored Cross-Site Scripting via Device Display Parameter
CVSS 4.6
CVE-2024-57776
MEDIUM
JFinalOA < 2025.01.01 - Cross-Site Scripting via /apply/getEditPage?view Interface
CVSS 4.6
CVE-2024-57774
MEDIUM
JFinalOA < 2025.01.01 - Cross-Site Scripting via getBusinessUploadListPage Interface
CVSS 4.8
CVE-2024-57773
MEDIUM
JFinalOA < 2025.01.01 - Cross-Site Scripting via openSelectManyUserPage Interface
CVSS 4.8
CVE-2024-57772
MEDIUM
JFinalOA < 2025.01.01 - Cross-Site Scripting via /bumph/getDraftListPage
CVSS 4.8
CVE-2024-57771
MEDIUM
JFinalOA < 2025.01.01 - Cross-Site Scripting via common/getEditPage?view Interface
CVSS 4.8
CVE-2024-41746
HIGH
IBM CICS TX Advanced 10.1, 11.1 and Standard 11.1 - Stored Cross-Site Scripting
CVSS 7.2
CVE-2024-13387
MEDIUM
WP Responsive Tabs <= 1.2.9 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11452
MEDIUM
Chamber Dashboard Business Directory <3.3.8 - XSS
CVSS 6.4
CVE-2024-41453
MEDIUM
Process Maker pm4core-docker <4.1.21-RC7 - XSS
CVSS 4.8
CVE-2024-54540
MEDIUM
Apple Music < 1.5.0.152 - Cross-Site Scripting
CVSS 4.3
CVE-2024-7085
HIGH
OpenText Solutions Business Manager (SBM) <= 12.2.1 - Stored Cross-Site Scripting
CVE-2024-47140
HIGH
Observium CE 24.4.13528 - Authenticated Stored Cross-Site Scripting in add_alert_check Page
CVSS 8.7
CVE-2024-47002
HIGH
Observium CE 24.4.13528 - Authenticated HTML Injection in VLAN Management
CVSS 8.7
CVE-2024-45061
HIGH
Observium CE 24.4.13528 - Authenticated Stored Cross-Site Scripting in Weather Map Editor
CVSS 8.7
CVE-2024-12593
MEDIUM
WPForms + Drag and Drop Template Builder <4.6.0 - XSS
CVSS 6.4
CVE-2024-35280
MEDIUM
Fortinet FortiDeceptor 3.0-5.3.0 - Reflected Cross-Site Scripting in Recovery Endpoints
CVSS 5.4
Details
Vulnerabilities
45,300
Exploit Likelihood
High