CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,369 vulnerabilities with CWE-79
CVE-2024-46209
MEDIUM
REDAXO CMS 5.17.1 - Stored Cross-Site Scripting via Password Parameter in /media/test.html
CVSS 5.4
CVE-2024-35498
MEDIUM
Grav 1.7.45 - Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-46073
MEDIUM
IceHRM 32.4.0.OS - Reflected Cross-Site Scripting via Login Page Next Parameter
CVSS 6.1
CVE-2024-51472
LOW
IBM UrbanCode Deploy 7.2-7.2.3.13 and IBM DevOps Deploy 8.0-8.0.1.3 - HTML Injection in Web UI
CVSS 3.1
CVE-2024-51112
MEDIUM
pnetlab 5.3.11 - Open Redirect via Crafted Script
CVSS 6.1
CVE-2024-51111
MEDIUM
Pnetlab 5.3.11 - Cross-Site Scripting
CVSS 4.1
CVE-2024-31914
MEDIUM
IBM Sterling B2B Integrator Standard Edition - XSS
CVSS 6.4
CVE-2024-31913
MEDIUM
IBM Sterling B2B Integrator Standard Edition - XSS
CVSS 5.5
CVE-2024-12302
MEDIUM
Icegram Engage < 3.1.32 - Authenticated Stored Cross-Site Scripting via Campaign Settings
CVSS 6.1
CVE-2024-11849
MEDIUM
Pods < 3.2.8.1 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 6.1
CVE-2024-11356
MEDIUM
Tour Master < 5.3.4 - Unauthenticated Cross-Site Scripting
CVSS 6.1
CVE-2024-13143
LOW
ZeroWdd studentmanager 1.0 - Cross-Site Scripting via PermissionController submitAddPermission URL Parameter
CVSS 2.4
CVE-2024-13142
LOW
ZeroWdd studentmanager 1.0 - Cross-Site Scripting in RoleController submitAddRole Function
CVSS 2.4
CVE-2024-13141
LOW
osuuu LightPicture <= 1.2.2 - Stored Cross-Site Scripting via SVG File Upload Handler
CVSS 3.5
CVE-2024-13140
LOW
emlog 2.4.0-2.4.3 - Cross-Site Scripting via Cover Upload Handler
CVSS 3.5
CVE-2024-13137
LOW
wangl1989 mysiteforme 1.0 - Cross-Site Scripting in SiteController RestResponse
CVSS 2.4
CVE-2024-13135
LOW
Emlog Pro 2.4.3 - Cross-Site Scripting in Subpage Handler
CVSS 3.5
CVE-2024-13132
LOW
emlog 2.4.0-2.4.3 - Cross-Site Scripting in Subpage Handler
CVSS 3.5
CVE-2024-12475
MEDIUM
WP Multi Store Locator <= 2.4.1 - Authenticated Stored Cross-Site Scripting
CVSS 6.4
CVE-2024-12221
MEDIUM
Turnkey bbPress by WeaverTheme <1.6.3 - XSS
CVSS 6.1
CVE-2024-11930
MEDIUM
Taskbuilder - WordPress Project & Task Management <3.0.6 - XSS
CVSS 6.4
CVE-2024-12701
MEDIUM
WP Smart Import <= 1.1.2 - Unauthenticated Reflected XSS via Page Parameter
CVSS 6.1
CVE-2024-12047
MEDIUM
WP Compress < 6.30.03 - Unauthenticated Reflected Cross-Site Scripting via Custom Server Parameter
CVSS 6.1
CVE-2024-11974
MEDIUM
Media Library Assistant <3.23 - XSS
CVSS 6.1
CVE-2024-56412
MEDIUM
PhpSpreadsheet <3.7.0, <2.3.5, <2.1.6, <1.29.7 - CSRF
CVSS 5.4
Details
Vulnerabilities
45,369
Exploit Likelihood
High