CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,369 vulnerabilities with CWE-79
CVE-2024-46209 MEDIUM
REDAXO CMS 5.17.1 - Stored Cross-Site Scripting via Password Parameter in /media/test.html
CVSS 5.4
CVE-2024-35498 MEDIUM
Grav 1.7.45 - Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-46073 MEDIUM
IceHRM 32.4.0.OS - Reflected Cross-Site Scripting via Login Page Next Parameter
CVSS 6.1
CVE-2024-51472 LOW
IBM UrbanCode Deploy 7.2-7.2.3.13 and IBM DevOps Deploy 8.0-8.0.1.3 - HTML Injection in Web UI
CVSS 3.1
CVE-2024-51112 MEDIUM
pnetlab 5.3.11 - Open Redirect via Crafted Script
CVSS 6.1
CVE-2024-51111 MEDIUM
Pnetlab 5.3.11 - Cross-Site Scripting
CVSS 4.1
CVE-2024-31914 MEDIUM
IBM Sterling B2B Integrator Standard Edition - XSS
CVSS 6.4
CVE-2024-31913 MEDIUM
IBM Sterling B2B Integrator Standard Edition - XSS
CVSS 5.5
CVE-2024-12302 MEDIUM
Icegram Engage < 3.1.32 - Authenticated Stored Cross-Site Scripting via Campaign Settings
CVSS 6.1
CVE-2024-11849 MEDIUM
Pods < 3.2.8.1 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 6.1
CVE-2024-11356 MEDIUM
Tour Master < 5.3.4 - Unauthenticated Cross-Site Scripting
CVSS 6.1
CVE-2024-13143 LOW
ZeroWdd studentmanager 1.0 - Cross-Site Scripting via PermissionController submitAddPermission URL Parameter
CVSS 2.4
CVE-2024-13142 LOW
ZeroWdd studentmanager 1.0 - Cross-Site Scripting in RoleController submitAddRole Function
CVSS 2.4
CVE-2024-13141 LOW
osuuu LightPicture <= 1.2.2 - Stored Cross-Site Scripting via SVG File Upload Handler
CVSS 3.5
CVE-2024-13140 LOW
emlog 2.4.0-2.4.3 - Cross-Site Scripting via Cover Upload Handler
CVSS 3.5
CVE-2024-13137 LOW
wangl1989 mysiteforme 1.0 - Cross-Site Scripting in SiteController RestResponse
CVSS 2.4
CVE-2024-13135 LOW
Emlog Pro 2.4.3 - Cross-Site Scripting in Subpage Handler
CVSS 3.5
CVE-2024-13132 LOW
emlog 2.4.0-2.4.3 - Cross-Site Scripting in Subpage Handler
CVSS 3.5
CVE-2024-12475 MEDIUM
WP Multi Store Locator <= 2.4.1 - Authenticated Stored Cross-Site Scripting
CVSS 6.4
CVE-2024-12221 MEDIUM
Turnkey bbPress by WeaverTheme <1.6.3 - XSS
CVSS 6.1
CVE-2024-11930 MEDIUM
Taskbuilder - WordPress Project & Task Management <3.0.6 - XSS
CVSS 6.4
CVE-2024-12701 MEDIUM
WP Smart Import <= 1.1.2 - Unauthenticated Reflected XSS via Page Parameter
CVSS 6.1
CVE-2024-12047 MEDIUM
WP Compress < 6.30.03 - Unauthenticated Reflected Cross-Site Scripting via Custom Server Parameter
CVSS 6.1
CVE-2024-11974 MEDIUM
Media Library Assistant <3.23 - XSS
CVSS 6.1
CVE-2024-56412 MEDIUM
PhpSpreadsheet <3.7.0, <2.3.5, <2.1.6, <1.29.7 - CSRF
CVSS 5.4
Details
Vulnerabilities 45,369
Exploit Likelihood High