CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,423 vulnerabilities with CWE-79
CVE-2024-10851
MEDIUM
Razorpay Payment Button Plugin <= 2.4.6 - Reflected XSS via add_query_arg and remove_query_arg
CVSS 6.1
CVE-2024-10850
MEDIUM
Razorpay Payment Button Elementor Plugin <= 1.2.5 - Reflected XSS via add_query_arg and remove_query_arg
CVSS 6.1
CVE-2024-10577
MEDIUM
(Fat Rat Collect) <= 2.7.3 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-28730
MEDIUM
DLink DWR-2000M Firmware 1.34ME - Cross-Site Scripting via VPN Configuration File Upload
CVSS 5.4
CVE-2024-28728
MEDIUM
DLink DWR-2000M 5G CPE - Stored Cross-Site Scripting via WiFi SSID Name Field
CVSS 6.6
CVE-2024-51093
HIGH
Snipe-IT 7.0.13 - Stored Cross-Site Scripting via Malicious XML File Upload
CVSS 8.7
CVE-2024-11117
MEDIUM
Google Chrome < 131.0.6778.69 - Filesystem Restriction Bypass via Crafted HTML Page
CVSS 4.3
CVE-2024-11116
MEDIUM
Google Chrome < 131.0.6778.69 - UI Spoofing via Crafted HTML Page
CVSS 4.3
CVE-2024-11115
HIGH
Google Chrome < 131.0.6778.69 - Insufficient Policy Enforcement in Navigation
CVSS 8.8
CVE-2024-11111
MEDIUM
Google Chrome < 131.0.6778.69 - UI Spoofing via Autofill
CVSS 4.3
CVE-2024-11110
MEDIUM
Google Chrome < 131.0.6778.69 - Site Isolation Bypass via Crafted Chrome Extension
CVSS 6.5
CVE-2024-10217
CRITICAL
TIBCO Hawk/TIBCO Operational Intelligence - XSS
CVE-2024-11004
MEDIUM
Ivanti Connect Secure < 22.7 and Policy Secure < 22.7 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-10923
HIGH
OpenText ALM Octane Mgmt <24.4 - XSS
CVE-2024-11130
LOW
ZZCMS < 2023 - Cross-Site Scripting via /admin/msg.php Keyword Parameter
CVSS 2.4
CVE-2024-50561
MEDIUM
Siemens SCALANCE and RUGGEDCOM Devices < V8.2 - Authenticated Cross-Site Scripting via Filename Upload
CVSS 4.3
CVE-2024-36140
MEDIUM
OZW672 and OZW772 Firmware < 5.2 - Authenticated Stored Cross-Site Scripting in User Accounts Tab
CVSS 6.8
CVE-2024-10323
MEDIUM
JetWidgets For Elementor <= 1.0.18 - Authenticated Stored Cross-Site Scripting via REST API SVG File Upload
CVSS 6.4
CVE-2024-10179
MEDIUM
Slickstream: Engagement and Conversions <1.4.4 - XSS
CVSS 6.4
CVE-2024-9836
MEDIUM
RSS Feed Widget < 3.0.0 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 5.9
CVE-2024-9835
MEDIUM
RSS Feed Widget < 3.0.1 - Reflected Cross-Site Scripting via REQUEST_URI Parameter
CVSS 4.8
CVE-2024-9357
MEDIUM
xili-tidy-tags <= 1.12.04 - Unauthenticated Reflected Cross-Site Scripting via Action Parameter
CVSS 6.1
CVE-2024-10790
MEDIUM
Admin and Site Enhancements (ASE) <= 7.5.1 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
CVE-2024-11102
LOW
Hospital Management System 1.0 - Stored Cross-Site Scripting via Edit Doctor Name Parameter
CVSS 3.5
CVE-2024-10685
MEDIUM
Contact Form 7 Redirect & Thank You Page <= 1.0.6 - Unauthenticated Reflected Cross-Site Scripting via Tab Parameter
CVSS 6.1
Details
Vulnerabilities
45,423
Exploit Likelihood
High