CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,423 vulnerabilities with CWE-79
CVE-2024-52943
MEDIUM
Veritas Enterprise Vault < 15.1 - Authenticated Cross-Site Scripting via HTTP Request Parameter Injection
CVSS 5.4
CVE-2024-52942
MEDIUM
Veritas Enterprise Vault < 15.1 - Authenticated Cross-Site Scripting via HTTP Request Parameter Injection
CVSS 5.4
CVE-2024-52941
MEDIUM
Veritas Enterprise Vault <15.1 - XSS
CVSS 5.4
CVE-2024-9938
MEDIUM
Bounce Handler MailPoet 3 <= 1.3.21 - Unauthenticated Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2024-9850
MEDIUM
SVG Case Study <= 1.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9615
MEDIUM
BulkPress <= 0.3.5 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9386
MEDIUM
Divi Preloader & Modules <=1.4 - Authenticated Stored XSS via SVG Upload
CVSS 6.4
CVE-2024-8873
MEDIUM
PeproDev WooCommerce Receipt Uploader <2.6.9 - XSS
CVSS 6.1
CVE-2024-11092
MEDIUM
SVGPlus plugin - WordPress <1.1.0 - XSS
CVSS 6.4
CVE-2024-10884
MEDIUM
SimpleForm Contact Form Submissions <2.1.0 - XSS
CVSS 6.1
CVE-2024-10883
MEDIUM
SimpleForm - Contact form made simple <2.2.0 - XSS
CVSS 6.1
CVE-2024-10875
MEDIUM
WordPress Gallery Manager <1.6.58 - XSS
CVSS 6.1
CVE-2024-10147
MEDIUM
Steel < 1.3.0 - Authenticated Stored Cross-Site Scripting via btn Shortcode
CVSS 6.4
CVE-2024-10017
MEDIUM
PJW Mime Config <= 1.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-10015
MEDIUM
WordPress ConvertCalculator <1.1.1 - XSS
CVSS 6.4
CVE-2024-50983
MEDIUM
FlightPath 7.5 - Authenticated Stored Cross-Site Scripting via Last Name Field
CVSS 5.4
CVE-2024-45611
MEDIUM
GLPI 0.84-10.0.16 - Authenticated Stored Cross-Site Scripting via Private RSS Feed
CVSS 5.7
CVE-2024-45610
MEDIUM
GLPI 10.0.0-10.0.16 - Unauthenticated Reflected Cross-Site Scripting in Cable Form
CVSS 6.5
CVE-2024-45609
MEDIUM
GLPI >= 0.70 < 10.0.17 - Unauthenticated Reflected Cross-Site Scripting in Reports Pages
CVSS 6.5
CVE-2024-11259
LOW
code-projects Farmacia 1.0 - Cross-Site Scripting in /fornecedores.php
CVSS 3.5
CVE-2024-51142
MEDIUM
Chamilo LMS 1.11.26 - Stored Cross-Site Scripting via storageapi.php svkey Parameter
CVSS 5.4
CVE-2024-43418
MEDIUM
GLPI 0.65-10.0.16 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.5
CVE-2024-43417
MEDIUM
GLPI 10.0.0-10.0.16 - Unauthenticated Reflected Cross-Site Scripting in Software Form
CVSS 6.5
CVE-2024-23169
MEDIUM
RSA NetWitness 11.7.2.0 - Stored Cross-Site Scripting via Reports Screen Where Textbox
CVSS 4.6
CVE-2024-50800
MEDIUM
M2000 Smart4Web < 5.020241004 - Cross-Site Scripting via Error Parameter
CVSS 5.4
Details
Vulnerabilities
45,423
Exploit Likelihood
High