CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,371 vulnerabilities with CWE-79
CVE-2024-11975
MEDIUM
Reactflow Visitor Recording and Heatmaps - CSRF
CVSS 6.1
CVE-2024-11938
MEDIUM
One Click Upsell Funnel for WooCommerce < 3.4.9 - Authenticated Stored XSS via wps_wocuf_pro_yes Shortcode
CVSS 6.4
CVE-2024-11682
MEDIUM
G Web Pro Store Locator <= 2.1 - Unauthenticated Reflected Cross-Site Scripting via 'q' Parameter
CVSS 6.1
CVE-2024-11287
MEDIUM
Ebook Store <= 5.8001 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-11196
MEDIUM
Multi-column Tag Map <17.0.33 - XSS
CVSS 6.4
CVE-2024-12846
MEDIUM
emlog < 2.4.1 - Cross-Site Scripting via /admin/link.php siteurl/icon Parameter
CVSS 4.3
CVE-2024-11811
MEDIUM
Feedify - Web Push Notifications <2.4.2 - XSS
CVSS 6.1
CVE-2024-12845
LOW
emlog < 2.4.1 - Cross-Site Scripting via msg Argument in common.php
CVSS 3.5
CVE-2024-56359
HIGH
grist-core < 1.3.2 - Cross-Site Scripting via HyperLink Cell Control+Click
CVSS 8.1
CVE-2024-56358
HIGH
grist-core < 1.3.2 - Stored Cross-Site Scripting via SVG Attachment Preview
CVSS 8.1
CVE-2024-56357
HIGH
grist-core < 1.3.1 - Cross-Site Scripting via JavaScript URL Scheme
CVSS 8.1
CVE-2024-40875
MEDIUM
Absolute Secure Access <13.52 - XSS
CVE-2024-12844
MEDIUM
emlog < 2.4.1 - Cross-Site Scripting via /admin/store.php Tag Parameter
CVSS 4.3
CVE-2024-12843
MEDIUM
emlog < 2.4.1 - Cross-Site Scripting via /admin/plugin.php filter Parameter
CVSS 4.3
CVE-2024-55341
MEDIUM
Piranha CMS 11.1 - Stored Cross-Site Scripting via Markdown Content
CVSS 4.7
CVE-2024-12842
MEDIUM
emlog < 2.4.1 - Cross-Site Scripting via /admin/user.php Keyword Parameter
CVSS 4.3
CVE-2024-55342
MEDIUM
Piranha CMS 11.1 - Authenticated Stored Cross-Site Scripting via PDF File Upload
CVSS 4.7
CVE-2024-12841
MEDIUM
emlog < 2.4.1 - Cross-Site Scripting via /admin/tag.php Keyword Parameter
CVSS 4.3
CVE-2024-10385
HIGH
DirectAdmin Evolution Skin <1.668 - XSS
CVE-2024-56355
MEDIUM
JetBrains TeamCity < 2024.12 - Cross-Site Scripting via RemoteBuildLogController Response
CVSS 4.6
CVE-2024-56352
MEDIUM
JetBrains TeamCity < 2024.12 - Stored Cross-Site Scripting via Agent Image Name
CVSS 4.6
CVE-2024-9619
MEDIUM
WP SHAPES <= 1.0.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-12509
MEDIUM
Embed Twine <= 0.1.0 - Authenticated Stored Cross-Site Scripting via embed_twine Shortcode
CVSS 6.4
CVE-2024-12506
MEDIUM
NACC WordPress Plugin <= 4.1.0 - Authenticated Stored Cross-Site Scripting via 'nacc' Shortcode
CVSS 6.4
CVE-2024-11893
MEDIUM
Spoki - Chat Buttons & WooCommerce Notifications <2.15.14 - XSS
CVSS 6.4
Details
Vulnerabilities
45,371
Exploit Likelihood
High