CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,423 vulnerabilities with CWE-79
CVE-2024-0875
MEDIUM
OpenEMR 7.0.1 - Stored Cross-Site Scripting via Secure Messaging InputBody Field
CVSS 4.8
CVE-2024-8961
MEDIUM
Essential Addons for Elementor < 6.0.8 - Authenticated Stored Cross-Site Scripting via nomore_items_text Parameter
CVSS 6.4
CVE-2024-10825
MEDIUM
Hide My WP Ghost - Security & Firewall <= 5.3.01 - Unauthenticated Reflected Cross-Site Scripting via URL
CVSS 6.1
CVE-2024-10104
MEDIUM
Jobs for WordPress < 2.7.8 - Stored Cross-Site Scripting in Job Settings
CVSS 5.9
CVE-2024-9356
MEDIUM
Yotpo: Product & Photo Reviews for WooCommerce <= 1.7.9 - Reflected XSS via yotpo_user_email and yotpo_user_name
CVSS 6.1
CVE-2024-39610
MEDIUM
FitNesse < 20241026 - Cross-Site Scripting
CVSS 6.1
CVE-2024-10793
HIGH
WP Activity Log <= 5.2.1 - Unauthenticated Stored Cross-Site Scripting via user_id Parameter
CVSS 7.2
CVE-2024-10260
HIGH
Tripetto WordPress Plugin <= 8.0.11 - Unauthenticated Stored Cross-Site Scripting via File Uploads
CVSS 7.2
CVE-2024-10113
MEDIUM
WP AdCenter - Ad Manager & Adsense Ads <= 2.5.7 - Authenticated Stored Cross-Site Scripting via wpadcenter_ad Shortcode
CVSS 6.4
CVE-2024-9609
MEDIUM
LearnPress Export Import < 4.0.4 - Reflected XSS via learnpress_import_form_server
CVSS 6.1
CVE-2024-40579
MEDIUM
Virtuozzo Hybrid Server for WHMCS Open Source <1.7.1 - XSS
CVSS 5.4
CVE-2024-5125
HIGH
parisneo/lollms-webui <9.6 - XSS/Open Redirect
CVSS 7.3
CVE-2024-49362
HIGH
Joplin < 3.1 - Remote Code Execution via Unsanitized Mermaid Link Attributes
CVSS 7.7
CVE-2024-48284
MEDIUM
PHPGurukul User Registration & Login System 3.2 - Reflected XSS via Search Parameter
CVSS 4.8
CVE-2024-50836
MEDIUM
KASHIPARA E-learning Management System 1.0 - Stored XSS via Teacher Parameters
CVSS 4.8
CVE-2024-7124
MEDIUM
DInGO dLibra 6.0-6.3.19 - Reflected Cross-Site Scripting via Indexsearch Filter Parameter
CVE-2024-50837
MEDIUM
KASHIPARA E-learning Management System Project 1.0 - Stored Cross-Site Scripting via firstname and username Parameters
CVSS 5.4
CVE-2024-50842
MEDIUM
KASHIPARA E-learning Management System Project 1.0 - Stored Cross-Site Scripting via School Year Parameter
CVSS 5.4
CVE-2024-50841
MEDIUM
KASHIPARA E-learning Management System Project 1.0 - Stored Cross-Site Scripting via Calendar of Events Parameters
CVSS 5.4
CVE-2024-8648
MEDIUM
GitLab 16.0.0-17.3.6, 17.4.0-17.4.3, 17.5.0-17.5.1 - Stored Cross-Site Scripting via Analytics Dashboard URL
CVSS 6.1
CVE-2024-45099
LOW
IBM Security ReaQta 3.12-3.12.11 - Stored Cross-Site Scripting in Web UI
CVSS 3.1
CVE-2024-8180
MEDIUM
GitLab 17.3.0-17.3.6, 17.4.0-17.4.3, 17.5.0-17.5.1 - Cross-Site Scripting via Vulnerability Code Flow
CVSS 5.4
CVE-2024-5920
MEDIUM
Palo Alto Networks PAN-OS 10.1.0-10.1.13 - Authenticated Stored Cross-Site Scripting via Configuration Push
CVSS 4.8
CVE-2024-45254
HIGH
VaeMendis Ubooquity 2.1.2-2.1.4 - Cross-Site Scripting
CVSS 7.5
CVE-2024-7787
MEDIUM
ITG Computer Technology vSRM <28.08.2024 - XSS
Details
Vulnerabilities
45,423
Exploit Likelihood
High