CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,369 vulnerabilities with CWE-79
CVE-2024-56210 HIGH
Userpro <= 5.1.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-56209 HIGH
Kleo < 5.4.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13069 LOW
SourceCodester Multi Role Login System 1.0 - XSS
CVSS 3.5
CVE-2024-56517 MEDIUM
LGSL <= 6.2.1 - Reflected Cross-Site Scripting via Referer HTTP Header
CVE-2024-47925 HIGH
TCExam < 16.3.5 - Cross-Site Scripting
CVSS 7.5
CVE-2024-47924 HIGH
Boa web - Cross-Site Scripting
CVSS 7.5
CVE-2024-47920 HIGH
Tiki Wiki CMS < 28 - Cross-Site Scripting
CVSS 7.5
CVE-2024-47917 HIGH
Mobotix CCTV FW - Cross-Site Scripting
CVSS 7.5
CVE-2024-13034 LOW
code-projects Chat System 1.0 - XSS
CVSS 3.5
CVE-2024-13033 LOW
code-projects Chat System 1.0 - XSS
CVSS 3.5
CVE-2024-13031 LOW
Antabot White-Jotter <= 0.2.2 - Cross-Site Scripting in Article Content Editor
CVSS 2.4
CVE-2024-13023 LOW
PHPGurukul Maid Hiring Management System 1.0 - XSS
CVSS 2.4
CVE-2024-13021 LOW
SourceCodester Road Accident Map Marker 1.0 - XSS
CVSS 3.5
CVE-2024-13019 LOW
code-projects Chat System 1.0 - XSS
CVSS 3.5
CVE-2024-13018 LOW
PHPGurukul Maid Hiring Management System 1.0 - XSS
CVSS 2.4
CVE-2024-13017 LOW
PHPGurukul Maid Hiring Management System 1.0 - XSS
CVSS 2.4
CVE-2024-13015 LOW
PHPGurukul Maid Hiring Management System 1.0 - XSS
CVSS 2.4
CVE-2024-13013 LOW
PHPGurukul Maid Hiring Management System 1.0 - XSS
CVSS 2.4
CVE-2024-13012 LOW
Hostel Management System 1.0 - Cross-Site Scripting via Registration Form Input
CVSS 3.5
CVE-2024-12998 MEDIUM
Online Car Rental System 1.0 - Cross-Site Scripting via GET Parameter Handler
CVSS 4.3
CVE-2024-12995 LOW
ruifang-tech Rebuild 3.8.6 - Stored Cross-Site Scripting in Project Tasks Section
CVSS 3.5
CVE-2024-54775 MEDIUM
Dcat-Admin v2.2.0-beta and v2.2.2-beta - Cross-Site Scripting via /admin/auth/menu and /admin/auth/extensions
CVSS 4.8
CVE-2024-54774 MEDIUM
Dcat Admin v2.2.0-beta - Stored Cross-Site Scripting in /admin/articles/create
CVSS 4.8
CVE-2024-54451 MEDIUM
Kurmi Provisioning Suite <7.9.0.38, 7.10.x-7.10.0.18, 7.11.x-7.11.0...
CVSS 4.8
CVE-2024-12991 LOW
DBShop 3.3 Release 231225 - Cross-Site Scripting via orderStatus Parameter
CVSS 3.5
Details
Vulnerabilities 45,369
Exploit Likelihood High