CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,417 vulnerabilities with CWE-79
CVE-2024-32768 MEDIUM
Photo Station 6.4.0-6.4.2 - Authenticated Stored Cross-Site Scripting
CVSS 6.3
CVE-2024-32767 MEDIUM
Photo Station 6.4.0-6.4.2 - Authenticated Stored Cross-Site Scripting
CVSS 6.3
CVE-2024-8735 MEDIUM
MailMunch - Grow your Email List <= 3.1.8 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-11381 MEDIUM
Control horas <= 1.0.1 - Authenticated Stored Cross-Site Scripting via ch_registro Shortcode
CVSS 6.4
CVE-2024-11225 MEDIUM
Premium Packages - Sell Digital Products Securely <5.9.3 - XSS
CVSS 6.1
CVE-2024-10034 MEDIUM
Gallery Blocks with Lightbox < 3.2.4.2 - Authenticated Stored Cross-Site Scripting via Gallery Link Text Parameter
CVSS 5.5
CVE-2024-52053 CRITICAL
Wowza Streaming Engine <4.9.1 - XSS
CVSS 9.6
CVE-2024-51337 LOW
Gibbon < 27.0.01 - Cross-Site Scripting via Email Parameter in User Admin Module
CVSS 3.5
CVE-2024-52803 HIGH
llama-factory < 0.9.1 - OS Command Injection via Popen with shell=True
CVSS 7.5
CVE-2024-45517 MEDIUM
Zimbra Collaboration Suite < 8.8.15 - Cross-Site Scripting via /h/rest Endpoint
CVSS 5.4
CVE-2024-45513 MEDIUM
Zimbra Collaboration Suite < 9.0.0 - Stored Cross-Site Scripting via vCard Processing in Print Endpoint
CVSS 4.8
CVE-2024-45194 MEDIUM
Zimbra Collaboration Suite 9.0-10.0 - Authenticated Stored Cross-Site Scripting via Email Account Configuration
CVSS 4.8
CVE-2024-45514 MEDIUM
Zimbra Collaboration Suite < 8.8.15 - Cross-Site Scripting via Packaged Parameter
CVSS 5.4
CVE-2024-45512 MEDIUM
Zimbra Collaboration Suite < 9.0.0 - Stored Cross-Site Scripting via Briefcase Folder Share Notification
CVSS 5.4
CVE-2024-7130 MEDIUM
Kion Computer KION Exchange Programs <1.21.9092.29966 - XSS
CVSS 5.5
CVE-2024-7016 MEDIUM
Smarttek Smart Doctor <= 2024-11-21 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-11587 LOW
idcCMS 1.60 - Cross-Site Scripting in GetCityOptionJs Function
CVSS 3.5
CVE-2024-9851 MEDIUM
LSX Tour Operator < 1.4.9 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9768 MEDIUM
Formidable Forms < 6.14.1 - Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-9600 MEDIUM
Ditty < 3.1.47 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-9442 MEDIUM
F4 Improvements < 1.9.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9371 MEDIUM
Branda - Custom Login Page Customizer <3.4.19 - XSS
CVSS 6.1
CVE-2024-9111 MEDIUM
Product Designer < 1.0.36 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-11456 MEDIUM
ContestsWP <= 2.0.3 - Unauthenticated Reflected XSS via add_query_arg
CVSS 6.1
CVE-2024-11455 MEDIUM
WordPress Include Mastodon Feed <1.9.5 - XSS
CVSS 6.4
Details
Vulnerabilities 45,417
Exploit Likelihood High