CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,423 vulnerabilities with CWE-79
CVE-2024-47759
MEDIUM
GLPI 9.2.0-10.0.16 - Stored Cross-Site Scripting via SVG Upload
CVSS 4.8
CVE-2024-41678
MEDIUM
GLPI 0.50-10.0.16 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.5
CVE-2024-52520
MEDIUM
Nextcloud Server 27.0.0-27.1.11.8 and 28.0.0-28.0.10 - Uncontrolled Resource Consumption via Link Reference Provider
CVSS 5.7
CVE-2024-50655
MEDIUM
emlog pro <=2.3.18 - Stored Cross-Site Scripting in Published Articles
CVSS 5.4
CVE-2024-11247
LOW
SourceCodester Online Eyewear Shop 1.0 - Cross-Site Scripting via Inventory Page Brand Parameter
CVSS 3.5
CVE-2024-52526
MEDIUM
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via Service Descr Parameter
CVSS 4.8
CVE-2024-51497
MEDIUM
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via Custom OID Unit Parameter
CVSS 4.8
CVE-2024-51496
MEDIUM
LibreNMS < 24.10.0 - Reflected Cross-Site Scripting via Metric Parameter
CVSS 4.8
CVE-2024-51495
MEDIUM
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via Device Overwrite IP Parameter
CVSS 4.8
CVE-2024-51494
MEDIUM
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via Port Settings Descr Parameter
CVSS 4.8
CVE-2024-50355
MEDIUM
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via Device Display Name
CVSS 4.8
CVE-2024-50352
MEDIUM
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via Service Name Parameter
CVSS 4.8
CVE-2024-50351
MEDIUM
LibreNMS < 24.10.0 - Reflected Cross-Site Scripting via Device Logs Section Parameter
CVSS 4.8
CVE-2024-50350
MEDIUM
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via Port Group Name Parameter
CVSS 4.8
CVE-2024-49764
MEDIUM
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via Hostname Parameter
CVSS 4.8
CVE-2024-49759
MEDIUM
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via Bill Name Parameter
CVSS 4.8
CVE-2024-49758
MEDIUM
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via Device Notes
CVSS 4.8
CVE-2024-49754
HIGH
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via API Token Parameter
CVSS 7.5
CVE-2024-11246
LOW
Farmacia 1.0 - Cross-Site Scripting via nome/cpf/dataNascimento Parameters
CVSS 3.5
CVE-2024-48068
MEDIUM
Landray EKP v16 and earlier - Cross-Site Scripting
CVSS 6.1
CVE-2024-41785
MEDIUM
IBM Concert 1.0.0-1.0.1 - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-11243
MEDIUM
code-projects Online Shop Store 1.0 - Cross-Site Scripting via /signup.php m2 Parameter
CVSS 4.3
CVE-2024-11240
LOW
ibWebAdmin <= 1.0.2 - Cross-Site Scripting via db_login_role Parameter
CVSS 3.5
CVE-2024-1097
MEDIUM
k5n webcalendar 1.3.0 - Stored Cross-Site Scripting via Report Name Input Field
CVSS 5.4
CVE-2024-11182
MEDIUM
KEV
MDaemon < 24.5.1 - Stored Cross-Site Scripting via HTML Email Image Tag
CVSS 6.1
Details
Vulnerabilities
45,423
Exploit Likelihood
High