CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,354 vulnerabilities with CWE-79
CVE-2024-26154
MEDIUM
ETIC Telecom Remote Access Server Firmware < 4.5.0 - Reflected Cross-Site Scripting in Appliance Site Name
CVSS 4.8
CVE-2024-13378
MEDIUM
Gravity Forms 2.9.0.1-2.9.1.3 - XSS
CVSS 5.4
CVE-2024-13377
HIGH
Gravity Forms <= 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via Alt Parameter
CVSS 7.2
CVE-2024-13386
MEDIUM
quote-posttype-plugin <= 1.2.2 - Authenticated Stored Cross-Site Scripting via Author Field
CVSS 6.4
CVE-2024-13366
MEDIUM
Sandbox < 0.4 - Unauthenticated Reflected Cross-Site Scripting via Debug Parameter
CVSS 6.1
CVE-2024-12598
MEDIUM
MyBookProgress by Stormhill Media <1.0.8 - XSS
CVSS 6.4
CVE-2024-12508
MEDIUM
Glofox Shortcodes <= 2.6 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-12466
MEDIUM
WordPress Proofreading <1.2.1.1 - XSS
CVSS 6.1
CVE-2024-12203
MEDIUM
WordPress RSS Icon Widget <5.2 - XSS
CVSS 4.4
CVE-2024-13434
MEDIUM
WP Inventory Manager <= 2.3.2 - Unauthenticated Reflected Cross-Site Scripting via Message Parameter
CVSS 6.1
CVE-2024-13401
MEDIUM
WordPress PayPal plugin <1.2.3.35 - XSS
CVSS 6.4
CVE-2024-13398
MEDIUM
Checkout for PayPal <= 1.0.32 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-56144
MEDIUM
librenms < 24.12.0 - Stored Cross-Site Scripting via Device Display Parameter
CVSS 4.6
CVE-2024-57776
MEDIUM
JFinalOA < 2025.01.01 - Cross-Site Scripting via /apply/getEditPage?view Interface
CVSS 4.6
CVE-2024-57774
MEDIUM
JFinalOA < 2025.01.01 - Cross-Site Scripting via getBusinessUploadListPage Interface
CVSS 4.8
CVE-2024-57773
MEDIUM
JFinalOA < 2025.01.01 - Cross-Site Scripting via openSelectManyUserPage Interface
CVSS 4.8
CVE-2024-57772
MEDIUM
JFinalOA < 2025.01.01 - Cross-Site Scripting via /bumph/getDraftListPage
CVSS 4.8
CVE-2024-57771
MEDIUM
JFinalOA < 2025.01.01 - Cross-Site Scripting via common/getEditPage?view Interface
CVSS 4.8
CVE-2024-41746
HIGH
IBM CICS TX Advanced 10.1, 11.1 and Standard 11.1 - Stored Cross-Site Scripting
CVSS 7.2
CVE-2024-13387
MEDIUM
WP Responsive Tabs <= 1.2.9 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11452
MEDIUM
Chamber Dashboard Business Directory <3.3.8 - XSS
CVSS 6.4
CVE-2024-41453
MEDIUM
Process Maker pm4core-docker <4.1.21-RC7 - XSS
CVSS 4.8
CVE-2024-54540
MEDIUM
Apple Music < 1.5.0.152 - Cross-Site Scripting
CVSS 4.3
CVE-2024-7085
HIGH
OpenText Solutions Business Manager (SBM) <= 12.2.1 - Stored Cross-Site Scripting
CVE-2024-47140
HIGH
Observium CE 24.4.13528 - Authenticated Stored Cross-Site Scripting in add_alert_check Page
CVSS 8.7
Details
Vulnerabilities
45,354
Exploit Likelihood
High