CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,414 vulnerabilities with CWE-79
CVE-2024-10849 MEDIUM
NewsMash <= 1.0.71 - Authenticated Stored Cross-Site Scripting via Display Name
CVSS 6.4
CVE-2024-10320 MEDIUM
Cookielay <= 1.2.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11201 MEDIUM
myCred - Loyalty Points & Rewards <2.7.5.2 - XSS
CVSS 6.4
CVE-2024-10551 MEDIUM
Sticky Social Icons < 1.2.1 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-11379 MEDIUM
Broadcast <= 51.01 - Unauthenticated Reflected Cross-Site Scripting via do_check Parameter
CVSS 6.1
CVE-2024-9769 MEDIUM
Video Gallery - Best WordPress YouTube Gallery < 2.4.1 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2024-10836 MEDIUM
Flixita <= 1.0.82 - Unauthenticated Reflected Cross-Site Scripting via ID Parameter
CVSS 6.1
CVE-2024-53457 MEDIUM
LibreNMS 24.9.0-24.10.0 - Stored Cross-Site Scripting via Display Name Parameter
CVSS 5.4
CVE-2024-53442 CRITICAL
whapa 1.59 - Command Injection via HTML Reports Filename
CVSS 9.8
CVE-2024-54001 MEDIUM
Kanboard - Stored Cross-Site Scripting in Application Settings
CVSS 5.5
CVE-2024-53471 MEDIUM
WeGIA 3.2.0 - Stored Cross-Site Scripting via id or name Parameter in meio_pagamento.php
CVSS 6.1
CVE-2024-53470 MEDIUM
WeGIA 3.2.0 - Stored Cross-Site Scripting via Gateway Payment Configuration Parameters
CVSS 6.1
CVE-2024-12232 LOW
code-projects Simple CRUD Functionality 1.0 - Cross-Site Scripting via newtitle/newdescr Parameters
CVSS 3.5
CVE-2024-10716 MEDIUM
Pega Infinity 8.1-8.8.5 - Cross-Site Scripting in Search
CVSS 5.9
CVE-2024-6516 CRITICAL
ABB ASPECT Enterprise and NEXUS/MATRIX Series < 3.08.03 - Cross-Site Scripting
CVSS 9.0
CVE-2024-11779 MEDIUM
WIP WooCarousel Lite <= 1.1.6 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11420 MEDIUM
Blocksy <= 2.0.77 - Authenticated Stored Cross-Site Scripting via Contact Info Block Link Parameter
CVSS 6.4
CVE-2024-11324 MEDIUM
Accounting for WooCommerce <1.6.6 - XSS
CVSS 6.1
CVE-2024-10848 MEDIUM
NewsMunch <= 1.0.35 - Authenticated Stored Cross-Site Scripting via Display Name
CVSS 6.4
CVE-2024-10056 MEDIUM
WordPress vcita plugin <4.10.4 - XSS
CVSS 6.4
CVE-2024-42195 LOW
HCL DevOps Deploy 8.0.0.0-8.0.1.3 and HCL Launch 7.0.0.0-7.0.5.24 - HTML Injection in Web UI
CVSS 3.1
CVE-2024-10178 MEDIUM
Gutentor - Gutenberg Blocks <= 3.3.9 - Authenticated Stored XSS via Countdown Widget
CVSS 6.4
CVE-2024-10881 MEDIUM
LUNA RADIO PLAYER <6.24.11.07 - XSS
CVSS 6.4
CVE-2024-12183 LOW
dedecms < 5.7.116 - Cross-Site Scripting via RemoveXSS Function in /plus/carbuyaction.php
CVSS 3.5
CVE-2024-12182 LOW
dedecms < 5.7.116 - Cross-Site Scripting via /member/soft_add.php body Parameter
CVSS 3.5
Details
Vulnerabilities 45,414
Exploit Likelihood High