CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,423 vulnerabilities with CWE-79
CVE-2024-52394
MEDIUM
nopea.Media Print PDF Generator & Publisher <1.1.6 - XSS
CVSS 6.5
CVE-2024-52389
MEDIUM
WP Job Portal <= 2.2.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-52349
MEDIUM
Md. Shiddikur Rahman Awesome Tool Tip - XSS
CVSS 6.5
CVE-2024-52348
MEDIUM
AA Audio Player <= 1.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-52347
MEDIUM
Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera <= 4.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-52346
MEDIUM
SimpleGMaps <= 1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-52345
MEDIUM
Roberto Alicata ra_qrcode <2.1.0 - XSS
CVSS 6.5
CVE-2024-52344
MEDIUM
Muhammad Junaid Provide Forex Signals - XSS
CVSS 6.5
CVE-2024-52343
MEDIUM
Offshorent Softwares Pvt. Ltd. Jinesh.P.V OS Pricing Tables <1.2 - XSS
CVSS 6.5
CVE-2024-52342
MEDIUM
Offshorent Solutions Pvt Ltd. Jinesh.P.V OS BXSlider <2.6 - XSS
CVSS 6.5
CVE-2024-52341
MEDIUM
Offshorent Solutions Pvt Ltd. - Jinesh.P.V OS Our Team <1.7 - XSS
CVSS 6.5
CVE-2024-52585
MEDIUM
Autolab 3.0.1 - Cross-Site Scripting in Grade Submissions Page
CVSS 5.4
CVE-2024-51053
CRITICAL
AVSCMS 8.2.0 - Arbitrary File Upload and Remote Code Execution via /main/fileupload.php
CVSS 9.8
CVE-2024-50849
MEDIUM
WorldServer 11.8.2 - Authenticated Stored Cross-Site Scripting in Rules Functionality
CVSS 4.8
CVE-2024-52426
MEDIUM
Linear < 2.8.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-52425
MEDIUM
Drozd - Addons for Elementor <= 1.1.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-52423
MEDIUM
Themify Builder <= 7.6.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-52422
MEDIUM
WP Githuber MD <= 1.16.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-52419
MEDIUM
Copy Anything to Clipboard < 4.0.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-11304
MEDIUM
SEH Computertechnik utnserver Pro, ProMAX, INU-100 < 20.1.22 - Stored Cross-Site Scripting
CVE-2024-9526
MEDIUM
Kubeflow Pipelines < 2023-12-13 - Stored Cross-Site Scripting in Pipeline Description Field
CVSS 5.4
CVE-2024-11319
MEDIUM
django-cms 3.11.7-3.11.8 4.1.2-4.1.3 - Stored Cross-Site Scripting in Page Title Field
CVSS 4.8
CVE-2024-11023
MEDIUM
Firebase JavaScript SDK < 10.9.0 - Session Data Exposure via FIREBASE_DEFAULTS Cookie Manipulation
CVSS 6.1
CVE-2024-52947
MEDIUM
LemonLDAP::NG < 2.20.1 - Cross-Site Scripting via Upgrade Session URL Parameter
CVSS 5.4
CVE-2024-52944
MEDIUM
Veritas Enterprise Vault < 15.1 - Authenticated Cross-Site Scripting via HTTP Parameter Injection
CVSS 5.4
Details
Vulnerabilities
45,423
Exploit Likelihood
High