CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,417 vulnerabilities with CWE-79
CVE-2024-10172 MEDIUM
WPBakery Visual Composer WHMCS Elements <1.0.4 - XSS
CVSS 6.4
CVE-2024-10164 MEDIUM
Premium Packages - Sell Digital Products Securely <5.9.3 - XSS
CVSS 6.4
CVE-2024-52702 MEDIUM
MyBB 1.8.38 - Stored Cross-Site Scripting in Website Name Parameter
CVSS 5.4
CVE-2024-52701 MEDIUM
Piwigo 14.5.0 - Stored Cross-Site Scripting via Page Banner Parameter
CVSS 5.4
CVE-2024-48536 HIGH
eSoft Planner 3.24.08271-USA - Unauthenticated Information Disclosure via Crafted Web Request
CVSS 7.5
CVE-2024-48535 MEDIUM
eSoft Planner 3.24.08271-USA - Stored Cross-Site Scripting via Name Parameter
CVSS 5.4
CVE-2024-48534 MEDIUM
eSoft Planner 3.24.08271-USA - Reflected Cross-Site Scripting in Camp Details Module
CVSS 5.4
CVE-2024-48531 MEDIUM
eSoft Planner 3.24.08271-USA - Reflected Cross-Site Scripting in Rental Availability Module
CVSS 5.4
CVE-2024-45510 MEDIUM
Zimbra Collaboration Suite < 9.0.0 - Stored Cross-Site Scripting via Contact List
CVSS 5.4
CVE-2024-45511 MEDIUM
Zimbra Collaboration Suite < 10.0.9 - Reflected Cross-Site Scripting via OnlyOffice Formatter
CVSS 5.4
CVE-2024-11493 LOW
115cms < 2024-08-07 - Cross-Site Scripting via tid Parameter in /index.php/setpage/admin/pageAE.html
CVSS 3.5
CVE-2024-11492 LOW
115cms < 2024-08-07 - Cross-Site Scripting via tid Parameter in Admin Web App URL Add
CVSS 3.5
CVE-2024-52770 CRITICAL
DedeBIZ v6.3.0 - Arbitrary File Upload and Remote Code Execution via File Management Component
CVSS 9.8
CVE-2024-11491 LOW
115cms < 2024-08-07 - Cross-Site Scripting via ks Parameter in Admin User Management
CVSS 3.5
CVE-2024-11490 LOW
115cms < 2024-08-07 - Cross-Site Scripting via /index.php/admin/web/set.html Type Parameter
CVSS 3.5
CVE-2024-11489 LOW
115cms < 2024-08-07 - Cross-Site Scripting via ks Parameter in Admin File Management
CVSS 3.5
CVE-2024-11488 LOW
115cms < 2024-08-07 - Cross-Site Scripting via ks Argument in /app/admin/view/web_user.html
CVSS 3.5
CVE-2024-52598 HIGH
2fauth < 5.4.1 - Server-Side Request Forgery and URI Validation Bypass via Preview Endpoint
CVSS 7.5
CVE-2024-52473 HIGH
Sandeep Verma HTML5 Lyrics Karaoke Player <2.4 - XSS
CVSS 7.1
CVE-2024-52472 HIGH
Weather Atlas Widget <= 3.0.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-52471 HIGH
Extensions for Elementor < 2.0.37 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-52470 HIGH
Brainvireinfo Dynamic URL SEO <1.0 - XSS
CVSS 7.1
CVE-2024-51209 MEDIUM
Client Management System 1.2 - Stored Cross-Site Scripting via Search Input Field
CVSS 5.4
CVE-2024-52597 MEDIUM
2fauth < 5.4.1 - Stored Cross-Site Scripting via SVG Upload
CVSS 6.1
CVE-2024-11406 MEDIUM
django CMS Attributes Fields <4.0 - XSS
CVSS 6.9
Details
Vulnerabilities 45,417
Exploit Likelihood High