CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,354 vulnerabilities with CWE-79
CVE-2024-47002 HIGH
Observium CE 24.4.13528 - Authenticated HTML Injection in VLAN Management
CVSS 8.7
CVE-2024-45061 HIGH
Observium CE 24.4.13528 - Authenticated Stored Cross-Site Scripting in Weather Map Editor
CVSS 8.7
CVE-2024-12593 MEDIUM
WPForms + Drag and Drop Template Builder <4.6.0 - XSS
CVSS 6.4
CVE-2024-35280 MEDIUM
Fortinet FortiDeceptor 3.0-5.3.0 - Reflected Cross-Site Scripting in Recovery Endpoints
CVSS 5.4
CVE-2024-13351 HIGH
Repuso <= 5.20 - Authenticated Stored XSS via rw_image_badge1 Shortcode
CVSS 7.2
CVE-2024-12818 MEDIUM
WP Smart TV <= 2.1.8 - Authenticated Stored Cross-Site Scripting via 'tv-video-player' Shortcode
CVSS 6.4
CVE-2024-12423 MEDIUM
Contact Form 7 Redirect & Thank You Page <1.0.7 - XSS
CVSS 6.1
CVE-2024-12403 MEDIUM
Image Gallery - Responsive Photo Gallery <1.0.5 - XSS
CVSS 6.1
CVE-2024-11870 MEDIUM
Event Registration Calendar By vcita plugin <1.4.0 - XSS
CVSS 6.4
CVE-2024-13394 MEDIUM
ViewMedica 9 - WordPress Stored XSS
CVSS 6.4
CVE-2024-13334 MEDIUM
Car Demon <= 1.8.1 - Unauthenticated Reflected Cross-Site Scripting via search_condition Parameter
CVSS 6.1
CVE-2024-54142 CRITICAL
discourse-ai - Cross-Site Scripting via Shared Bot Conversation HTML Entities
CVSS 9.0
CVE-2024-53277 MEDIUM
Silverstripe Framework < 5.3.8 - Cross-Site Scripting in Form Message Content
CVSS 5.4
CVE-2024-47605 MEDIUM
Silverstripe asset-admin < 5.3.8 - oEmbed Cross-Site Scripting
CVSS 5.4
CVE-2024-50861 MEDIUM
GestioIP 3.5.7 - Stored Cross-Site Scripting via TSIG Key Field
CVSS 6.1
CVE-2024-50859 MEDIUM
GestioIP 3.5.7 - Reflected Cross-Site Scripting via ip_import_acl_csv Request
CVSS 4.8
CVE-2024-50857 MEDIUM
GestioIP 3.5.7 - Cross-Site Scripting via ip_do_job Request
CVSS 4.8
CVE-2024-53563 MEDIUM
Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 - XSS
CVSS 5.4
CVE-2024-55000 MEDIUM
House Rental Management System 1.0 - Stored Cross-Site Scripting in manage_categories.php
CVSS 5.4
CVE-2024-52967 LOW
FortiPortal 6.0.0-6.0.14 - Cross-Site Scripting via HTML Injection
CVSS 3.5
CVE-2024-48893 MEDIUM
FortiSOAR 7.2.1-7.2.2, 7.3.0-7.3.3 - Authenticated Stored Cross-Site Scripting via Malicious Playbook
CVSS 6.8
CVE-2024-45385 MEDIUM
Industrial Edge Management OS - XSS
CVSS 4.7
CVE-2024-12240 MEDIUM
Page Builder by SiteOrigin <= 2.31.0 - Authenticated Stored Cross-Site Scripting via Row Label Parameter
CVSS 6.4
CVE-2024-13156 MEDIUM
HTML5 Video Player Plugin <= 2.5.35 - Authenticated Stored XSS via Heading Parameter
CVSS 6.4
CVE-2024-13323 MEDIUM
WP Booking Calendar <= 10.9.2 - Authenticated Stored Cross-Site Scripting via Booking Shortcode Attributes
CVSS 6.4
Details
Vulnerabilities 45,354
Exploit Likelihood High