CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,423 vulnerabilities with CWE-79
CVE-2024-10146
MEDIUM
Simple File List < 6.1.13 - Reflected Cross-Site Scripting via Unsanitized URL Attribute
CVSS 5.4
CVE-2024-5083
MEDIUM
Sonatype Nexus Repository <2.15.1 - XSS
CVE-2024-52552
HIGH
Jenkins Authorize Project Plugin < 1.7.2 - Stored Cross-Site Scripting via Job Name Evaluation
CVSS 8.0
CVE-2024-45879
MEDIUM
baltic-it TOPqw Webportal v1.35.287.1 - XSS
CVSS 5.4
CVE-2024-45878
MEDIUM
baltic-it TOPqw Webportal <1.35.291 - XSS
CVSS 5.4
CVE-2024-42834
MEDIUM
Incognito Service Activation Center UI 14.11 - Stored XSS via Create Customer API
CVSS 5.4
CVE-2024-49379
MEDIUM
Umbrel < 1.2.2 - Reflected Cross-Site Scripting via Redirect Parameter
CVE-2024-45594
HIGH
Decidim 0.28.0-0.28.2 - Cross-Site Scripting via Meeting Embed URL
CVSS 7.7
CVE-2024-52300
CRITICAL
XWiki PDF Viewer Macro < 2.5.6 - Stored Cross-Site Scripting via Width Parameter
CVSS 9.0
CVE-2024-50969
MEDIUM
Code-projects Jonnys Liquor 1.0 - Reflected Cross-Site Scripting via Search Parameter
CVSS 6.1
CVE-2024-11175
LOW
PublicCMS 5.202406.d - Cross-Site Scripting in Voting Management
CVSS 3.5
CVE-2024-9477
MEDIUM
AirTies Air4443 Firmware <= 14102024 - Cross-Site Scripting
CVSS 6.1
CVE-2024-49505
MEDIUM
openSUSE Tumbleweed MirrorCache <1.083 - XSS
CVSS 6.1
CVE-2024-9682
MEDIUM
Royal Elementor Addons and Templates < 1.7.1001 - Authenticated Stored Cross-Site Scripting via Form Builder Widget
CVSS 6.4
CVE-2024-9668
MEDIUM
Royal Elementor Addons and Templates <= 1.7.1001 - Authenticated Stored Cross-Site Scripting via Countdown Widget
CVSS 6.4
CVE-2024-9059
MEDIUM
Royal Elementor Addons and Templates <= 1.7.1001 - Authenticated Stored Cross-Site Scripting via Google Maps Widget
CVSS 6.4
CVE-2024-10877
MEDIUM
AFI - The Easiest Integration Plugin <= 1.92.0 - Reflected XSS via add_query_arg and remove_query_arg
CVSS 6.1
CVE-2024-52268
MEDIUM
VK All in One Expansion Unit <9.100.1.0 - XSS
CVSS 4.8
CVE-2024-10882
MEDIUM
Product Delivery Date for WooCommerce - Lite <2.8.0 - XSS
CVSS 6.1
CVE-2024-10684
MEDIUM
Kognetiks Chatbot for WordPress <= 2.1.7 - Unauthenticated Reflected Cross-Site Scripting via 'dir' Parameter
CVSS 6.1
CVE-2024-9614
MEDIUM
Constant Contact Forms by MailMunch <= 2.1.2 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9426
MEDIUM
Aqua SVG Sprite <= 3.0.14 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-8985
MEDIUM
Social Proof (Testimonial) Slider <2.2.4 - XSS
CVSS 6.4
CVE-2024-8874
MEDIUM
AJAX Login and Registration modal popup + inline form <= 2.24 - Reflected XSS via add_query_arg
CVSS 6.1
CVE-2024-10887
MEDIUM
NiceJob <= 3.7.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
Details
Vulnerabilities
45,423
Exploit Likelihood
High