CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,355 vulnerabilities with CWE-79
CVE-2024-54998 MEDIUM
MonicaHQ v4.1.2 - Authenticated Client-Side Injection via Debts Creation Reason Parameter
CVSS 5.4
CVE-2024-54996 HIGH
MonicaHQ 4.1.2 - Authenticated Client-Side Injection via Reminder Title and Description Parameters
CVSS 8.8
CVE-2024-54994 MEDIUM
MonicaHQ v4.1.2 - Stored Cross-Site Scripting via First Name and Last Name Parameters
CVSS 6.5
CVE-2024-33299 MEDIUM
Microweber < 2.0.9 - Cross-Site Scripting via First Name and Last Name Parameters
CVSS 4.7
CVE-2024-33298 MEDIUM
Microweber < 2.0.9 - Cross-Site Scripting via Backup Function
CVSS 6.1
CVE-2024-33297 MEDIUM
Microweber < 2.0.9 - Stored Cross-Site Scripting via Campaign Name Field
CVSS 4.7
CVE-2024-54687 MEDIUM
vtiger CRM < 6.1 - Stored Cross-Site Scripting via Documents Module File Upload
CVSS 6.1
CVE-2024-50807 MEDIUM
Trippo Responsive Filemanager 9.14.0 - XSS
CVSS 6.1
CVE-2024-57686 CRITICAL
PHPGurukul Land Record System 1.0 - Cross-Site Scripting via pagetitle Parameter
CVSS 9.8
CVE-2024-13183 MEDIUM
Orbit Fox by ThemeIsle <2.10.43 - XSS
CVSS 6.4
CVE-2024-56377 MEDIUM
REDCap 14.9.6 - Authenticated Stored Cross-Site Scripting via Survey Title Field
CVSS 5.4
CVE-2024-56376 MEDIUM
REDCap 14.9.6 - Authenticated Stored Cross-Site Scripting in Messenger Message Field
CVSS 5.4
CVE-2024-51229 HIGH
pb-cms 2.0 - Stored Cross-Site Scripting via Theme Management Function
CVSS 8.8
CVE-2024-55226 MEDIUM
Vaultwarden < 1.32.5 - Authenticated Reflected Cross-Site Scripting in /api/core/mod.rs
CVSS 5.4
CVE-2024-55224 CRITICAL
Vaultwarden < 1.32.5 - HTML Injection via Username Field in Email Message
CVSS 9.6
CVE-2024-13308 LOW
Drupal Browser Back Button <2.0.2 - XSS
CVSS 3.8
CVE-2024-13305 MEDIUM
Drupal Entity Form Steps <1.1.4 - XSS
CVSS 4.8
CVE-2024-13301 MEDIUM
Drupal OAuth & OpenID Connect SSO (OAuth/OIDC Client) 3.0.0-3.43.9 & 4.0.0-4.0.18 - XSS
CVSS 6.1
CVE-2024-13298 MEDIUM
Drupal Tarte au Citron <2.0.5 - XSS
CVSS 4.8
CVE-2024-13294 MEDIUM
Drupal POST File < 1.0.2 - Cross-Site Scripting
CVSS 5.4
CVE-2024-13292 MEDIUM
Drupal Tooltip < 1.1.2 - Cross-Site Scripting
CVSS 4.8
CVE-2024-13289 MEDIUM
Drupal Cookiebot + GTM <1.0.18 - XSS
CVSS 5.4
CVE-2024-55494 MEDIUM
Opencode Mobile Collect Call <5.4.7 - RCE
CVSS 6.1
CVE-2024-42898 MEDIUM
Nagios XI 2024R1.1.4 - Stored Cross-Site Scripting via Account Settings Name Parameter
CVSS 5.4
CVE-2024-13287 MEDIUM
Drupal Views SVG Animation <1.0.1 - XSS
CVSS 5.4
Details
Vulnerabilities 45,355
Exploit Likelihood High