CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,414 vulnerabilities with CWE-79
CVE-2024-54034
CRITICAL
Adobe Connect < 11.4.9 - Reflected Cross-Site Scripting
CVSS 9.3
CVE-2024-54032
CRITICAL
Adobe Connect < 11.4.9 - Stored Cross-Site Scripting via Form Field Injection
CVSS 9.3
CVE-2024-49550
MEDIUM
Adobe Connect < 11.4.9 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-53481
MEDIUM
PHPGurukul Beauty Parlour Management System 1.1 - Stored Cross-Site Scripting via Firstname and Lastname Parameters
CVSS 6.1
CVE-2024-55546
MEDIUM
ORing IAP-420 Firmware < 2.01e - Stored Cross-Site Scripting in Web Interface
CVSS 5.4
CVE-2024-55545
MEDIUM
ORing IAP-420 Firmware < 2.01e - Cross-Site Scripting via Web Interface
CVSS 6.1
CVE-2024-12323
MEDIUM
turboSMTP <= 4.6 - Unauthenticated Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2024-47117
MEDIUM
IBM Carbon Charts 0.4.0-1.13.16 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-11928
MEDIUM
iChart - Easy Charts and Graphs <= 2.1.0 - Authenticated Stored Cross-Site Scripting via Width Parameter
CVSS 6.4
CVE-2024-11973
MEDIUM
Quran Text & Audio <= 2.3.21 - Reflected XSS via 'sourate' and 'lang'
CVSS 6.1
CVE-2024-11945
MEDIUM
Email Reminders plugin <2.0.4 - XSS
CVSS 6.4
CVE-2024-11940
MEDIUM
Property Hive Mortgage Calculator <1.0.6 - XSS
CVSS 6.4
CVE-2024-11107
MEDIUM
System Dashboard < 2.8.15 - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-9672
MEDIUM
PaperCut NG/MF < 24.1.1 - Reflected Cross-Site Scripting
CVSS 5.4
CVE-2024-55635
MEDIUM
Drupal 7.0-7.101 - Cross-Site Scripting
CVSS 6.1
CVE-2024-12393
MEDIUM
Drupal 8.8.0-10.2.10, 10.3.0-10.3.8, 11.0.0-11.0.7 - Cross-Site Scripting
CVSS 5.4
CVE-2024-55601
MEDIUM
Hugo 0.123.0-0.139.3 - Cross-Site Scripting in Internal Render Hooks
CVE-2024-53847
MEDIUM
Trix 1.0.0-1.3.2 and 2.0.0-2.1.8 - Cross-Site Scripting via Malicious Paste
CVE-2024-52599
MEDIUM
Tuleap < 16.0-7 and < 16.1.99.50 - Stored Cross-Site Scripting via Gantt Chart Artifact
CVSS 5.4
CVE-2024-54935
MEDIUM
kashipara E-learning Management System 1.0 - Stored Cross-Site Scripting via my_message Parameter
CVSS 5.4
CVE-2024-54919
MEDIUM
kashipara E-learning Management System 1.0 - Stored Cross-Site Scripting via Teacher Avatar Filename Parameter
CVSS 5.4
CVE-2024-54936
MEDIUM
Kashipara E-learning Management System 1.0 - Stored Cross-Site Scripting via my_message Parameter
CVSS 5.4
CVE-2024-54260
MEDIUM
BlazeThemes News Kit Elementor Addons <1.2.2 - XSS
CVSS 6.5
CVE-2024-54253
MEDIUM
Xpro Elementor Addons <1.4.6.1 - XSS
CVSS 6.5
CVE-2024-54247
MEDIUM
ABCBiz ABCBiz Addons & Templates - XSS
CVSS 6.5
Details
Vulnerabilities
45,414
Exploit Likelihood
High