CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,423 vulnerabilities with CWE-79
CVE-2024-0875 MEDIUM
OpenEMR 7.0.1 - Stored Cross-Site Scripting via Secure Messaging InputBody Field
CVSS 4.8
CVE-2024-8961 MEDIUM
Essential Addons for Elementor < 6.0.8 - Authenticated Stored Cross-Site Scripting via nomore_items_text Parameter
CVSS 6.4
CVE-2024-10825 MEDIUM
Hide My WP Ghost - Security & Firewall <= 5.3.01 - Unauthenticated Reflected Cross-Site Scripting via URL
CVSS 6.1
CVE-2024-10104 MEDIUM
Jobs for WordPress < 2.7.8 - Stored Cross-Site Scripting in Job Settings
CVSS 5.9
CVE-2024-9356 MEDIUM
Yotpo: Product & Photo Reviews for WooCommerce <= 1.7.9 - Reflected XSS via yotpo_user_email and yotpo_user_name
CVSS 6.1
CVE-2024-39610 MEDIUM
FitNesse < 20241026 - Cross-Site Scripting
CVSS 6.1
CVE-2024-10793 HIGH
WP Activity Log <= 5.2.1 - Unauthenticated Stored Cross-Site Scripting via user_id Parameter
CVSS 7.2
CVE-2024-10260 HIGH
Tripetto WordPress Plugin <= 8.0.11 - Unauthenticated Stored Cross-Site Scripting via File Uploads
CVSS 7.2
CVE-2024-10113 MEDIUM
WP AdCenter - Ad Manager & Adsense Ads <= 2.5.7 - Authenticated Stored Cross-Site Scripting via wpadcenter_ad Shortcode
CVSS 6.4
CVE-2024-9609 MEDIUM
LearnPress Export Import < 4.0.4 - Reflected XSS via learnpress_import_form_server
CVSS 6.1
CVE-2024-40579 MEDIUM
Virtuozzo Hybrid Server for WHMCS Open Source <1.7.1 - XSS
CVSS 5.4
CVE-2024-5125 HIGH
parisneo/lollms-webui <9.6 - XSS/Open Redirect
CVSS 7.3
CVE-2024-49362 HIGH
Joplin < 3.1 - Remote Code Execution via Unsanitized Mermaid Link Attributes
CVSS 7.7
CVE-2024-48284 MEDIUM
PHPGurukul User Registration & Login System 3.2 - Reflected XSS via Search Parameter
CVSS 4.8
CVE-2024-50836 MEDIUM
KASHIPARA E-learning Management System 1.0 - Stored XSS via Teacher Parameters
CVSS 4.8
CVE-2024-7124 MEDIUM
DInGO dLibra 6.0-6.3.19 - Reflected Cross-Site Scripting via Indexsearch Filter Parameter
CVE-2024-50837 MEDIUM
KASHIPARA E-learning Management System Project 1.0 - Stored Cross-Site Scripting via firstname and username Parameters
CVSS 5.4
CVE-2024-50842 MEDIUM
KASHIPARA E-learning Management System Project 1.0 - Stored Cross-Site Scripting via School Year Parameter
CVSS 5.4
CVE-2024-50841 MEDIUM
KASHIPARA E-learning Management System Project 1.0 - Stored Cross-Site Scripting via Calendar of Events Parameters
CVSS 5.4
CVE-2024-8648 MEDIUM
GitLab 16.0.0-17.3.6, 17.4.0-17.4.3, 17.5.0-17.5.1 - Stored Cross-Site Scripting via Analytics Dashboard URL
CVSS 6.1
CVE-2024-45099 LOW
IBM Security ReaQta 3.12-3.12.11 - Stored Cross-Site Scripting in Web UI
CVSS 3.1
CVE-2024-8180 MEDIUM
GitLab 17.3.0-17.3.6, 17.4.0-17.4.3, 17.5.0-17.5.1 - Cross-Site Scripting via Vulnerability Code Flow
CVSS 5.4
CVE-2024-5920 MEDIUM
Palo Alto Networks PAN-OS 10.1.0-10.1.13 - Authenticated Stored Cross-Site Scripting via Configuration Push
CVSS 4.8
CVE-2024-45254 HIGH
VaeMendis Ubooquity 2.1.2-2.1.4 - Cross-Site Scripting
CVSS 7.5
CVE-2024-7787 MEDIUM
ITG Computer Technology vSRM <28.08.2024 - XSS
Details
Vulnerabilities 45,423
Exploit Likelihood High