CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,414 vulnerabilities with CWE-79
CVE-2024-10849
MEDIUM
NewsMash <= 1.0.71 - Authenticated Stored Cross-Site Scripting via Display Name
CVSS 6.4
CVE-2024-10320
MEDIUM
Cookielay <= 1.2.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11201
MEDIUM
myCred - Loyalty Points & Rewards <2.7.5.2 - XSS
CVSS 6.4
CVE-2024-10551
MEDIUM
Sticky Social Icons < 1.2.1 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-11379
MEDIUM
Broadcast <= 51.01 - Unauthenticated Reflected Cross-Site Scripting via do_check Parameter
CVSS 6.1
CVE-2024-9769
MEDIUM
Video Gallery - Best WordPress YouTube Gallery < 2.4.1 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2024-10836
MEDIUM
Flixita <= 1.0.82 - Unauthenticated Reflected Cross-Site Scripting via ID Parameter
CVSS 6.1
CVE-2024-53457
MEDIUM
LibreNMS 24.9.0-24.10.0 - Stored Cross-Site Scripting via Display Name Parameter
CVSS 5.4
CVE-2024-53442
CRITICAL
whapa 1.59 - Command Injection via HTML Reports Filename
CVSS 9.8
CVE-2024-54001
MEDIUM
Kanboard - Stored Cross-Site Scripting in Application Settings
CVSS 5.5
CVE-2024-53471
MEDIUM
WeGIA 3.2.0 - Stored Cross-Site Scripting via id or name Parameter in meio_pagamento.php
CVSS 6.1
CVE-2024-53470
MEDIUM
WeGIA 3.2.0 - Stored Cross-Site Scripting via Gateway Payment Configuration Parameters
CVSS 6.1
CVE-2024-12232
LOW
code-projects Simple CRUD Functionality 1.0 - Cross-Site Scripting via newtitle/newdescr Parameters
CVSS 3.5
CVE-2024-10716
MEDIUM
Pega Infinity 8.1-8.8.5 - Cross-Site Scripting in Search
CVSS 5.9
CVE-2024-6516
CRITICAL
ABB ASPECT Enterprise and NEXUS/MATRIX Series < 3.08.03 - Cross-Site Scripting
CVSS 9.0
CVE-2024-11779
MEDIUM
WIP WooCarousel Lite <= 1.1.6 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11420
MEDIUM
Blocksy <= 2.0.77 - Authenticated Stored Cross-Site Scripting via Contact Info Block Link Parameter
CVSS 6.4
CVE-2024-11324
MEDIUM
Accounting for WooCommerce <1.6.6 - XSS
CVSS 6.1
CVE-2024-10848
MEDIUM
NewsMunch <= 1.0.35 - Authenticated Stored Cross-Site Scripting via Display Name
CVSS 6.4
CVE-2024-10056
MEDIUM
WordPress vcita plugin <4.10.4 - XSS
CVSS 6.4
CVE-2024-42195
LOW
HCL DevOps Deploy 8.0.0.0-8.0.1.3 and HCL Launch 7.0.0.0-7.0.5.24 - HTML Injection in Web UI
CVSS 3.1
CVE-2024-10178
MEDIUM
Gutentor - Gutenberg Blocks <= 3.3.9 - Authenticated Stored XSS via Countdown Widget
CVSS 6.4
CVE-2024-10881
MEDIUM
LUNA RADIO PLAYER <6.24.11.07 - XSS
CVSS 6.4
CVE-2024-12183
LOW
dedecms < 5.7.116 - Cross-Site Scripting via RemoveXSS Function in /plus/carbuyaction.php
CVSS 3.5
CVE-2024-12182
LOW
dedecms < 5.7.116 - Cross-Site Scripting via /member/soft_add.php body Parameter
CVSS 3.5
Details
Vulnerabilities
45,414
Exploit Likelihood
High