CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,423 vulnerabilities with CWE-79
CVE-2024-52394 MEDIUM
nopea.Media Print PDF Generator & Publisher <1.1.6 - XSS
CVSS 6.5
CVE-2024-52389 MEDIUM
WP Job Portal <= 2.2.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-52349 MEDIUM
Md. Shiddikur Rahman Awesome Tool Tip - XSS
CVSS 6.5
CVE-2024-52348 MEDIUM
AA Audio Player <= 1.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-52347 MEDIUM
Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera <= 4.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-52346 MEDIUM
SimpleGMaps <= 1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-52345 MEDIUM
Roberto Alicata ra_qrcode <2.1.0 - XSS
CVSS 6.5
CVE-2024-52344 MEDIUM
Muhammad Junaid Provide Forex Signals - XSS
CVSS 6.5
CVE-2024-52343 MEDIUM
Offshorent Softwares Pvt. Ltd. Jinesh.P.V OS Pricing Tables <1.2 - XSS
CVSS 6.5
CVE-2024-52342 MEDIUM
Offshorent Solutions Pvt Ltd. Jinesh.P.V OS BXSlider <2.6 - XSS
CVSS 6.5
CVE-2024-52341 MEDIUM
Offshorent Solutions Pvt Ltd. - Jinesh.P.V OS Our Team <1.7 - XSS
CVSS 6.5
CVE-2024-52585 MEDIUM
Autolab 3.0.1 - Cross-Site Scripting in Grade Submissions Page
CVSS 5.4
CVE-2024-51053 CRITICAL
AVSCMS 8.2.0 - Arbitrary File Upload and Remote Code Execution via /main/fileupload.php
CVSS 9.8
CVE-2024-50849 MEDIUM
WorldServer 11.8.2 - Authenticated Stored Cross-Site Scripting in Rules Functionality
CVSS 4.8
CVE-2024-52426 MEDIUM
Linear < 2.8.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-52425 MEDIUM
Drozd - Addons for Elementor <= 1.1.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-52423 MEDIUM
Themify Builder <= 7.6.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-52422 MEDIUM
WP Githuber MD <= 1.16.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-52419 MEDIUM
Copy Anything to Clipboard < 4.0.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-11304 MEDIUM
SEH Computertechnik utnserver Pro, ProMAX, INU-100 < 20.1.22 - Stored Cross-Site Scripting
CVE-2024-9526 MEDIUM
Kubeflow Pipelines < 2023-12-13 - Stored Cross-Site Scripting in Pipeline Description Field
CVSS 5.4
CVE-2024-11319 MEDIUM
django-cms 3.11.7-3.11.8 4.1.2-4.1.3 - Stored Cross-Site Scripting in Page Title Field
CVSS 4.8
CVE-2024-11023 MEDIUM
Firebase JavaScript SDK < 10.9.0 - Session Data Exposure via FIREBASE_DEFAULTS Cookie Manipulation
CVSS 6.1
CVE-2024-52947 MEDIUM
LemonLDAP::NG < 2.20.1 - Cross-Site Scripting via Upgrade Session URL Parameter
CVSS 5.4
CVE-2024-52944 MEDIUM
Veritas Enterprise Vault < 15.1 - Authenticated Cross-Site Scripting via HTTP Parameter Injection
CVSS 5.4
Details
Vulnerabilities 45,423
Exploit Likelihood High