CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,414 vulnerabilities with CWE-79
CVE-2024-53257
MEDIUM
vitess <19.0.8, 0.20.0-rc1-20.0.4, 0.21.0-rc1-0.21.1 - Stored XSS via Debug Query Log and Environment Pages
CVSS 4.9
CVE-2024-11200
MEDIUM
Goodlayers Core <= 2.0.7 - Unauthenticated Reflected Cross-Site Scripting via Font-Family Parameter
CVSS 6.1
CVE-2024-11326
MEDIUM
Campaign Monitor Forms by Optin Cat <2.5.7 - XSS
CVSS 6.1
CVE-2024-11782
MEDIUM
WP Mailster <= 1.8.17.0 - Authenticated Stored Cross-Site Scripting via mst_subscribe Shortcode
CVSS 6.4
CVE-2024-11325
MEDIUM
AWeber Forms by Optin Cat <2.5.7 - XSS
CVSS 5.2
CVE-2024-11866
MEDIUM
BMLT Tabbed Map <= 1.1.8 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11898
MEDIUM
Scratch & Win - Giveaways and Contests <2.6.9 - XSS
CVSS 6.4
CVE-2024-11853
MEDIUM
jAlbum Bridge <= 2.0.16 - Authenticated Stored Cross-Site Scripting via 'ar' Parameter
CVSS 6.4
CVE-2024-11805
MEDIUM
Quick License Manager - WooCommerce Plugin <= 2.4.17 - Unauthenticated XSS via submit_qlm_products
CVSS 6.1
CVE-2024-11707
MEDIUM
WordPress My auctions allegro plugin <3.6.17 - XSS
CVSS 6.1
CVE-2024-11461
MEDIUM
WordPress Form Data Collector <2.2.3 - XSS
CVSS 6.1
CVE-2024-11453
MEDIUM
WordPress Pinterest Plugin <1.8.8 - XSS
CVSS 6.4
CVE-2024-9058
MEDIUM
Element Pack Elementor Addons < 5.10.5 - Authenticated Stored Cross-Site Scripting via Lightbox Widget
CVSS 6.4
CVE-2024-10893
MEDIUM
WP Booking Calendar < 10.6.5 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-10484
MEDIUM
Spectra < 2.16.3 - Authenticated Stored Cross-Site Scripting via Team Widget
CVSS 6.4
CVE-2024-9694
MEDIUM
CMSMasters Elementor Addon <= 1.14.7 - Authenticated Stored Cross-Site Scripting via Widget Attributes
CVSS 6.4
CVE-2024-53988
MEDIUM
rails-html-sanitizer 1.6.0 - Cross-Site Scripting via Allowed Math and Style Elements
CVSS 6.1
CVE-2024-53987
MEDIUM
rails-html-sanitizer 1.6.0 - Cross-Site Scripting via Style Element Injection
CVSS 6.1
CVE-2024-53986
MEDIUM
rails-html-sanitizer 1.6.0 - Cross-Site Scripting via HTML5 Sanitization with Allowed math and style Elements
CVSS 6.1
CVE-2024-53985
MEDIUM
Rails::HTML::Sanitizer <1.16.8 - XSS
CVSS 6.1
CVE-2024-53989
MEDIUM
rails-html-sanitizer 1.6.0 - Cross-Site Scripting via Noscript Tag Override
CVSS 6.1
CVE-2024-5890
MEDIUM
ServiceNow Now Platform < Utah Patch 8 Hot Fix 1, < Vancouver Patch 10, < Washington DC Early Access - HTML Injection
CVSS 4.3
CVE-2024-53617
MEDIUM
LibrePhotos - Cross-Site Scripting and Authorization Bypass via File Upload
CVSS 4.8
CVE-2024-53459
MEDIUM
Sysax Multi Server 6.99 - Cross-Site Scripting via SCGI SID Parameter
CVSS 5.4
CVE-2024-53759
HIGH
ArCa Payment Gateway <= 1.3.1 - Stored Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities
45,414
Exploit Likelihood
High