CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,423 vulnerabilities with CWE-79
CVE-2024-52943 MEDIUM
Veritas Enterprise Vault < 15.1 - Authenticated Cross-Site Scripting via HTTP Request Parameter Injection
CVSS 5.4
CVE-2024-52942 MEDIUM
Veritas Enterprise Vault < 15.1 - Authenticated Cross-Site Scripting via HTTP Request Parameter Injection
CVSS 5.4
CVE-2024-52941 MEDIUM
Veritas Enterprise Vault <15.1 - XSS
CVSS 5.4
CVE-2024-9938 MEDIUM
Bounce Handler MailPoet 3 <= 1.3.21 - Unauthenticated Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2024-9850 MEDIUM
SVG Case Study <= 1.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9615 MEDIUM
BulkPress <= 0.3.5 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9386 MEDIUM
Divi Preloader & Modules <=1.4 - Authenticated Stored XSS via SVG Upload
CVSS 6.4
CVE-2024-8873 MEDIUM
PeproDev WooCommerce Receipt Uploader <2.6.9 - XSS
CVSS 6.1
CVE-2024-11092 MEDIUM
SVGPlus plugin - WordPress <1.1.0 - XSS
CVSS 6.4
CVE-2024-10884 MEDIUM
SimpleForm Contact Form Submissions <2.1.0 - XSS
CVSS 6.1
CVE-2024-10883 MEDIUM
SimpleForm - Contact form made simple <2.2.0 - XSS
CVSS 6.1
CVE-2024-10875 MEDIUM
WordPress Gallery Manager <1.6.58 - XSS
CVSS 6.1
CVE-2024-10147 MEDIUM
Steel < 1.3.0 - Authenticated Stored Cross-Site Scripting via btn Shortcode
CVSS 6.4
CVE-2024-10017 MEDIUM
PJW Mime Config <= 1.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-10015 MEDIUM
WordPress ConvertCalculator <1.1.1 - XSS
CVSS 6.4
CVE-2024-50983 MEDIUM
FlightPath 7.5 - Authenticated Stored Cross-Site Scripting via Last Name Field
CVSS 5.4
CVE-2024-45611 MEDIUM
GLPI 0.84-10.0.16 - Authenticated Stored Cross-Site Scripting via Private RSS Feed
CVSS 5.7
CVE-2024-45610 MEDIUM
GLPI 10.0.0-10.0.16 - Unauthenticated Reflected Cross-Site Scripting in Cable Form
CVSS 6.5
CVE-2024-45609 MEDIUM
GLPI >= 0.70 < 10.0.17 - Unauthenticated Reflected Cross-Site Scripting in Reports Pages
CVSS 6.5
CVE-2024-11259 LOW
code-projects Farmacia 1.0 - Cross-Site Scripting in /fornecedores.php
CVSS 3.5
CVE-2024-51142 MEDIUM
Chamilo LMS 1.11.26 - Stored Cross-Site Scripting via storageapi.php svkey Parameter
CVSS 5.4
CVE-2024-43418 MEDIUM
GLPI 0.65-10.0.16 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.5
CVE-2024-43417 MEDIUM
GLPI 10.0.0-10.0.16 - Unauthenticated Reflected Cross-Site Scripting in Software Form
CVSS 6.5
CVE-2024-23169 MEDIUM
RSA NetWitness 11.7.2.0 - Stored Cross-Site Scripting via Reports Screen Where Textbox
CVSS 4.6
CVE-2024-50800 MEDIUM
M2000 Smart4Web < 5.020241004 - Cross-Site Scripting via Error Parameter
CVSS 5.4
Details
Vulnerabilities 45,423
Exploit Likelihood High