CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,414 vulnerabilities with CWE-79
CVE-2024-12181 LOW
dedecms < 5.7.116 - Cross-Site Scripting via mediatype Parameter in SWF File Handler
CVSS 3.5
CVE-2024-12180 LOW
dedecms < 5.7.116 - Cross-Site Scripting via article_add.php body Parameter
CVSS 3.5
CVE-2024-54675 MEDIUM
MISP through 2.5.2 - Stored Cross-Site Scripting in Workflows Editor
CVSS 6.1
CVE-2024-54674 MEDIUM
MISP through 2.5.2 - Stored Cross-Site Scripting in Galaxy Cluster Export
CVSS 6.1
CVE-2024-52676 MEDIUM
Itsourcecode Online Discussion Forum 1.0.0 - Cross-Site Scripting via Home Page
CVSS 5.4
CVE-2024-40745 MEDIUM
Convert Forms < 4.4.8 - Reflected Cross-Site Scripting
CVSS 5.4
CVE-2024-11935 MEDIUM
Email Address Obfuscation plugin <1.0.1 - XSS
CVSS 6.4
CVE-2024-8962 MEDIUM
WPBITS Addons For Elementor Page Builder <= 1.5.2 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-11854 MEDIUM
Listdom WordPress Plugin <= 3.7.0 - Authenticated Stored XSS via Shortcode
CVSS 6.4
CVE-2024-11814 MEDIUM
WooCommerce Additional Custom Order Status <= 1.6.0 - Unauthenticated Reflected XSS via wfwp_wcos_delete
CVSS 6.1
CVE-2024-5020 MEDIUM
Colibri Page Builder < 1.0.286 - Authenticated Stored Cross-Site Scripting via FancyBox Library
CVSS 6.4
CVE-2024-11880 MEDIUM
B Testimonial - Testimonial plugin for WP <= 1.2.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11903 MEDIUM
WP eCards <= 1.3.904 - Authenticated Stored Cross-Site Scripting via Ecard Shortcode
CVSS 6.4
CVE-2024-11769 MEDIUM
Flower Delivery by Florist One <3.9 - XSS
CVSS 6.4
CVE-2024-11466 MEDIUM
Intro Tour Tutorial DeepPresentation <= 6.5.2 - Unauthenticated Reflected Cross-Site Scripting via Tab Parameter
CVSS 6.1
CVE-2024-45717 HIGH
SolarWinds Platform < 2024.4.1 - Authenticated Stored Cross-Site Scripting in Search and Node Information UI
CVSS 7.0
CVE-2024-10885 MEDIUM
SearchIQ - The Search Solution < 4.6 - Authenticated Stored Cross-Site Scripting via siq_searchbox Shortcode
CVSS 6.4
CVE-2024-11897 MEDIUM
MightyForms <= 1.3.9 - Authenticated Stored XSS via Shortcode Attributes
CVSS 6.4
CVE-2024-11807 MEDIUM
NPS computy plugin - WordPress <2.8.0 - XSS
CVSS 6.1
CVE-2024-11747 MEDIUM
Responsive Videos < 2.1 - Authenticated Stored Cross-Site Scripting via somryv Shortcode
CVSS 6.4
CVE-2024-11093 MEDIUM
SG Helper 1.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 5.5
CVE-2024-10832 MEDIUM
Posti Shipping <= 3.10.3 - Unauthenticated Reflected Cross-Site Scripting via account_number and secret_key Parameters
CVSS 6.1
CVE-2024-11479 MEDIUM
Issuetrak 17.1 - Authenticated HTML Injection in Ticket Comments
CVE-2024-51773 MEDIUM
HPE Aruba Networking ClearPass Policy Manager - XSS
CVSS 4.8
CVE-2024-53999 HIGH
Mobile Security Framework < 4.2.9 - Stored Cross-Site Scripting via Filename Parameter
CVSS 8.1
Details
Vulnerabilities 45,414
Exploit Likelihood High