CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,423 vulnerabilities with CWE-79
CVE-2024-47759 MEDIUM
GLPI 9.2.0-10.0.16 - Stored Cross-Site Scripting via SVG Upload
CVSS 4.8
CVE-2024-41678 MEDIUM
GLPI 0.50-10.0.16 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.5
CVE-2024-52520 MEDIUM
Nextcloud Server 27.0.0-27.1.11.8 and 28.0.0-28.0.10 - Uncontrolled Resource Consumption via Link Reference Provider
CVSS 5.7
CVE-2024-50655 MEDIUM
emlog pro <=2.3.18 - Stored Cross-Site Scripting in Published Articles
CVSS 5.4
CVE-2024-11247 LOW
SourceCodester Online Eyewear Shop 1.0 - Cross-Site Scripting via Inventory Page Brand Parameter
CVSS 3.5
CVE-2024-52526 MEDIUM
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via Service Descr Parameter
CVSS 4.8
CVE-2024-51497 MEDIUM
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via Custom OID Unit Parameter
CVSS 4.8
CVE-2024-51496 MEDIUM
LibreNMS < 24.10.0 - Reflected Cross-Site Scripting via Metric Parameter
CVSS 4.8
CVE-2024-51495 MEDIUM
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via Device Overwrite IP Parameter
CVSS 4.8
CVE-2024-51494 MEDIUM
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via Port Settings Descr Parameter
CVSS 4.8
CVE-2024-50355 MEDIUM
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via Device Display Name
CVSS 4.8
CVE-2024-50352 MEDIUM
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via Service Name Parameter
CVSS 4.8
CVE-2024-50351 MEDIUM
LibreNMS < 24.10.0 - Reflected Cross-Site Scripting via Device Logs Section Parameter
CVSS 4.8
CVE-2024-50350 MEDIUM
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via Port Group Name Parameter
CVSS 4.8
CVE-2024-49764 MEDIUM
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via Hostname Parameter
CVSS 4.8
CVE-2024-49759 MEDIUM
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via Bill Name Parameter
CVSS 4.8
CVE-2024-49758 MEDIUM
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via Device Notes
CVSS 4.8
CVE-2024-49754 HIGH
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via API Token Parameter
CVSS 7.5
CVE-2024-11246 LOW
Farmacia 1.0 - Cross-Site Scripting via nome/cpf/dataNascimento Parameters
CVSS 3.5
CVE-2024-48068 MEDIUM
Landray EKP v16 and earlier - Cross-Site Scripting
CVSS 6.1
CVE-2024-41785 MEDIUM
IBM Concert 1.0.0-1.0.1 - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-11243 MEDIUM
code-projects Online Shop Store 1.0 - Cross-Site Scripting via /signup.php m2 Parameter
CVSS 4.3
CVE-2024-11240 LOW
ibWebAdmin <= 1.0.2 - Cross-Site Scripting via db_login_role Parameter
CVSS 3.5
CVE-2024-1097 MEDIUM
k5n webcalendar 1.3.0 - Stored Cross-Site Scripting via Report Name Input Field
CVSS 5.4
CVE-2024-11182 MEDIUM KEV
MDaemon < 24.5.1 - Stored Cross-Site Scripting via HTML Email Image Tag
CVSS 6.1
Details
Vulnerabilities 45,423
Exploit Likelihood High