CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,414 vulnerabilities with CWE-79
CVE-2024-12181
LOW
dedecms < 5.7.116 - Cross-Site Scripting via mediatype Parameter in SWF File Handler
CVSS 3.5
CVE-2024-12180
LOW
dedecms < 5.7.116 - Cross-Site Scripting via article_add.php body Parameter
CVSS 3.5
CVE-2024-54675
MEDIUM
MISP through 2.5.2 - Stored Cross-Site Scripting in Workflows Editor
CVSS 6.1
CVE-2024-54674
MEDIUM
MISP through 2.5.2 - Stored Cross-Site Scripting in Galaxy Cluster Export
CVSS 6.1
CVE-2024-52676
MEDIUM
Itsourcecode Online Discussion Forum 1.0.0 - Cross-Site Scripting via Home Page
CVSS 5.4
CVE-2024-40745
MEDIUM
Convert Forms < 4.4.8 - Reflected Cross-Site Scripting
CVSS 5.4
CVE-2024-11935
MEDIUM
Email Address Obfuscation plugin <1.0.1 - XSS
CVSS 6.4
CVE-2024-8962
MEDIUM
WPBITS Addons For Elementor Page Builder <= 1.5.2 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-11854
MEDIUM
Listdom WordPress Plugin <= 3.7.0 - Authenticated Stored XSS via Shortcode
CVSS 6.4
CVE-2024-11814
MEDIUM
WooCommerce Additional Custom Order Status <= 1.6.0 - Unauthenticated Reflected XSS via wfwp_wcos_delete
CVSS 6.1
CVE-2024-5020
MEDIUM
Colibri Page Builder < 1.0.286 - Authenticated Stored Cross-Site Scripting via FancyBox Library
CVSS 6.4
CVE-2024-11880
MEDIUM
B Testimonial - Testimonial plugin for WP <= 1.2.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11903
MEDIUM
WP eCards <= 1.3.904 - Authenticated Stored Cross-Site Scripting via Ecard Shortcode
CVSS 6.4
CVE-2024-11769
MEDIUM
Flower Delivery by Florist One <3.9 - XSS
CVSS 6.4
CVE-2024-11466
MEDIUM
Intro Tour Tutorial DeepPresentation <= 6.5.2 - Unauthenticated Reflected Cross-Site Scripting via Tab Parameter
CVSS 6.1
CVE-2024-45717
HIGH
SolarWinds Platform < 2024.4.1 - Authenticated Stored Cross-Site Scripting in Search and Node Information UI
CVSS 7.0
CVE-2024-10885
MEDIUM
SearchIQ - The Search Solution < 4.6 - Authenticated Stored Cross-Site Scripting via siq_searchbox Shortcode
CVSS 6.4
CVE-2024-11897
MEDIUM
MightyForms <= 1.3.9 - Authenticated Stored XSS via Shortcode Attributes
CVSS 6.4
CVE-2024-11807
MEDIUM
NPS computy plugin - WordPress <2.8.0 - XSS
CVSS 6.1
CVE-2024-11747
MEDIUM
Responsive Videos < 2.1 - Authenticated Stored Cross-Site Scripting via somryv Shortcode
CVSS 6.4
CVE-2024-11093
MEDIUM
SG Helper 1.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 5.5
CVE-2024-10832
MEDIUM
Posti Shipping <= 3.10.3 - Unauthenticated Reflected Cross-Site Scripting via account_number and secret_key Parameters
CVSS 6.1
CVE-2024-11479
MEDIUM
Issuetrak 17.1 - Authenticated HTML Injection in Ticket Comments
CVE-2024-51773
MEDIUM
HPE Aruba Networking ClearPass Policy Manager - XSS
CVSS 4.8
CVE-2024-53999
HIGH
Mobile Security Framework < 4.2.9 - Stored Cross-Site Scripting via Filename Parameter
CVSS 8.1
Details
Vulnerabilities
45,414
Exploit Likelihood
High