CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,414 vulnerabilities with CWE-79
CVE-2024-54034 CRITICAL
Adobe Connect < 11.4.9 - Reflected Cross-Site Scripting
CVSS 9.3
CVE-2024-54032 CRITICAL
Adobe Connect < 11.4.9 - Stored Cross-Site Scripting via Form Field Injection
CVSS 9.3
CVE-2024-49550 MEDIUM
Adobe Connect < 11.4.9 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-53481 MEDIUM
PHPGurukul Beauty Parlour Management System 1.1 - Stored Cross-Site Scripting via Firstname and Lastname Parameters
CVSS 6.1
CVE-2024-55546 MEDIUM
ORing IAP-420 Firmware < 2.01e - Stored Cross-Site Scripting in Web Interface
CVSS 5.4
CVE-2024-55545 MEDIUM
ORing IAP-420 Firmware < 2.01e - Cross-Site Scripting via Web Interface
CVSS 6.1
CVE-2024-12323 MEDIUM
turboSMTP <= 4.6 - Unauthenticated Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2024-47117 MEDIUM
IBM Carbon Charts 0.4.0-1.13.16 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-11928 MEDIUM
iChart - Easy Charts and Graphs <= 2.1.0 - Authenticated Stored Cross-Site Scripting via Width Parameter
CVSS 6.4
CVE-2024-11973 MEDIUM
Quran Text & Audio <= 2.3.21 - Reflected XSS via 'sourate' and 'lang'
CVSS 6.1
CVE-2024-11945 MEDIUM
Email Reminders plugin <2.0.4 - XSS
CVSS 6.4
CVE-2024-11940 MEDIUM
Property Hive Mortgage Calculator <1.0.6 - XSS
CVSS 6.4
CVE-2024-11107 MEDIUM
System Dashboard < 2.8.15 - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-9672 MEDIUM
PaperCut NG/MF < 24.1.1 - Reflected Cross-Site Scripting
CVSS 5.4
CVE-2024-55635 MEDIUM
Drupal 7.0-7.101 - Cross-Site Scripting
CVSS 6.1
CVE-2024-12393 MEDIUM
Drupal 8.8.0-10.2.10, 10.3.0-10.3.8, 11.0.0-11.0.7 - Cross-Site Scripting
CVSS 5.4
CVE-2024-55601 MEDIUM
Hugo 0.123.0-0.139.3 - Cross-Site Scripting in Internal Render Hooks
CVE-2024-53847 MEDIUM
Trix 1.0.0-1.3.2 and 2.0.0-2.1.8 - Cross-Site Scripting via Malicious Paste
CVE-2024-52599 MEDIUM
Tuleap < 16.0-7 and < 16.1.99.50 - Stored Cross-Site Scripting via Gantt Chart Artifact
CVSS 5.4
CVE-2024-54935 MEDIUM
kashipara E-learning Management System 1.0 - Stored Cross-Site Scripting via my_message Parameter
CVSS 5.4
CVE-2024-54919 MEDIUM
kashipara E-learning Management System 1.0 - Stored Cross-Site Scripting via Teacher Avatar Filename Parameter
CVSS 5.4
CVE-2024-54936 MEDIUM
Kashipara E-learning Management System 1.0 - Stored Cross-Site Scripting via my_message Parameter
CVSS 5.4
CVE-2024-54260 MEDIUM
BlazeThemes News Kit Elementor Addons <1.2.2 - XSS
CVSS 6.5
CVE-2024-54253 MEDIUM
Xpro Elementor Addons <1.4.6.1 - XSS
CVSS 6.5
CVE-2024-54247 MEDIUM
ABCBiz ABCBiz Addons & Templates - XSS
CVSS 6.5
Details
Vulnerabilities 45,414
Exploit Likelihood High