CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,354 vulnerabilities with CWE-79
CVE-2024-47002
HIGH
Observium CE 24.4.13528 - Authenticated HTML Injection in VLAN Management
CVSS 8.7
CVE-2024-45061
HIGH
Observium CE 24.4.13528 - Authenticated Stored Cross-Site Scripting in Weather Map Editor
CVSS 8.7
CVE-2024-12593
MEDIUM
WPForms + Drag and Drop Template Builder <4.6.0 - XSS
CVSS 6.4
CVE-2024-35280
MEDIUM
Fortinet FortiDeceptor 3.0-5.3.0 - Reflected Cross-Site Scripting in Recovery Endpoints
CVSS 5.4
CVE-2024-13351
HIGH
Repuso <= 5.20 - Authenticated Stored XSS via rw_image_badge1 Shortcode
CVSS 7.2
CVE-2024-12818
MEDIUM
WP Smart TV <= 2.1.8 - Authenticated Stored Cross-Site Scripting via 'tv-video-player' Shortcode
CVSS 6.4
CVE-2024-12423
MEDIUM
Contact Form 7 Redirect & Thank You Page <1.0.7 - XSS
CVSS 6.1
CVE-2024-12403
MEDIUM
Image Gallery - Responsive Photo Gallery <1.0.5 - XSS
CVSS 6.1
CVE-2024-11870
MEDIUM
Event Registration Calendar By vcita plugin <1.4.0 - XSS
CVSS 6.4
CVE-2024-13394
MEDIUM
ViewMedica 9 - WordPress Stored XSS
CVSS 6.4
CVE-2024-13334
MEDIUM
Car Demon <= 1.8.1 - Unauthenticated Reflected Cross-Site Scripting via search_condition Parameter
CVSS 6.1
CVE-2024-54142
CRITICAL
discourse-ai - Cross-Site Scripting via Shared Bot Conversation HTML Entities
CVSS 9.0
CVE-2024-53277
MEDIUM
Silverstripe Framework < 5.3.8 - Cross-Site Scripting in Form Message Content
CVSS 5.4
CVE-2024-47605
MEDIUM
Silverstripe asset-admin < 5.3.8 - oEmbed Cross-Site Scripting
CVSS 5.4
CVE-2024-50861
MEDIUM
GestioIP 3.5.7 - Stored Cross-Site Scripting via TSIG Key Field
CVSS 6.1
CVE-2024-50859
MEDIUM
GestioIP 3.5.7 - Reflected Cross-Site Scripting via ip_import_acl_csv Request
CVSS 4.8
CVE-2024-50857
MEDIUM
GestioIP 3.5.7 - Cross-Site Scripting via ip_do_job Request
CVSS 4.8
CVE-2024-53563
MEDIUM
Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 - XSS
CVSS 5.4
CVE-2024-55000
MEDIUM
House Rental Management System 1.0 - Stored Cross-Site Scripting in manage_categories.php
CVSS 5.4
CVE-2024-52967
LOW
FortiPortal 6.0.0-6.0.14 - Cross-Site Scripting via HTML Injection
CVSS 3.5
CVE-2024-48893
MEDIUM
FortiSOAR 7.2.1-7.2.2, 7.3.0-7.3.3 - Authenticated Stored Cross-Site Scripting via Malicious Playbook
CVSS 6.8
CVE-2024-45385
MEDIUM
Industrial Edge Management OS - XSS
CVSS 4.7
CVE-2024-12240
MEDIUM
Page Builder by SiteOrigin <= 2.31.0 - Authenticated Stored Cross-Site Scripting via Row Label Parameter
CVSS 6.4
CVE-2024-13156
MEDIUM
HTML5 Video Player Plugin <= 2.5.35 - Authenticated Stored XSS via Heading Parameter
CVSS 6.4
CVE-2024-13323
MEDIUM
WP Booking Calendar <= 10.9.2 - Authenticated Stored Cross-Site Scripting via Booking Shortcode Attributes
CVSS 6.4
Details
Vulnerabilities
45,354
Exploit Likelihood
High