CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,423 vulnerabilities with CWE-79
CVE-2024-10851 MEDIUM
Razorpay Payment Button Plugin <= 2.4.6 - Reflected XSS via add_query_arg and remove_query_arg
CVSS 6.1
CVE-2024-10850 MEDIUM
Razorpay Payment Button Elementor Plugin <= 1.2.5 - Reflected XSS via add_query_arg and remove_query_arg
CVSS 6.1
CVE-2024-10577 MEDIUM
(Fat Rat Collect) <= 2.7.3 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-28730 MEDIUM
DLink DWR-2000M Firmware 1.34ME - Cross-Site Scripting via VPN Configuration File Upload
CVSS 5.4
CVE-2024-28728 MEDIUM
DLink DWR-2000M 5G CPE - Stored Cross-Site Scripting via WiFi SSID Name Field
CVSS 6.6
CVE-2024-51093 HIGH
Snipe-IT 7.0.13 - Stored Cross-Site Scripting via Malicious XML File Upload
CVSS 8.7
CVE-2024-11117 MEDIUM
Google Chrome < 131.0.6778.69 - Filesystem Restriction Bypass via Crafted HTML Page
CVSS 4.3
CVE-2024-11116 MEDIUM
Google Chrome < 131.0.6778.69 - UI Spoofing via Crafted HTML Page
CVSS 4.3
CVE-2024-11115 HIGH
Google Chrome < 131.0.6778.69 - Insufficient Policy Enforcement in Navigation
CVSS 8.8
CVE-2024-11111 MEDIUM
Google Chrome < 131.0.6778.69 - UI Spoofing via Autofill
CVSS 4.3
CVE-2024-11110 MEDIUM
Google Chrome < 131.0.6778.69 - Site Isolation Bypass via Crafted Chrome Extension
CVSS 6.5
CVE-2024-10217 CRITICAL
TIBCO Hawk/TIBCO Operational Intelligence - XSS
CVE-2024-11004 MEDIUM
Ivanti Connect Secure < 22.7 and Policy Secure < 22.7 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-10923 HIGH
OpenText ALM Octane Mgmt <24.4 - XSS
CVE-2024-11130 LOW
ZZCMS < 2023 - Cross-Site Scripting via /admin/msg.php Keyword Parameter
CVSS 2.4
CVE-2024-50561 MEDIUM
Siemens SCALANCE and RUGGEDCOM Devices < V8.2 - Authenticated Cross-Site Scripting via Filename Upload
CVSS 4.3
CVE-2024-36140 MEDIUM
OZW672 and OZW772 Firmware < 5.2 - Authenticated Stored Cross-Site Scripting in User Accounts Tab
CVSS 6.8
CVE-2024-10323 MEDIUM
JetWidgets For Elementor <= 1.0.18 - Authenticated Stored Cross-Site Scripting via REST API SVG File Upload
CVSS 6.4
CVE-2024-10179 MEDIUM
Slickstream: Engagement and Conversions <1.4.4 - XSS
CVSS 6.4
CVE-2024-9836 MEDIUM
RSS Feed Widget < 3.0.0 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 5.9
CVE-2024-9835 MEDIUM
RSS Feed Widget < 3.0.1 - Reflected Cross-Site Scripting via REQUEST_URI Parameter
CVSS 4.8
CVE-2024-9357 MEDIUM
xili-tidy-tags <= 1.12.04 - Unauthenticated Reflected Cross-Site Scripting via Action Parameter
CVSS 6.1
CVE-2024-10790 MEDIUM
Admin and Site Enhancements (ASE) <= 7.5.1 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
CVE-2024-11102 LOW
Hospital Management System 1.0 - Stored Cross-Site Scripting via Edit Doctor Name Parameter
CVSS 3.5
CVE-2024-10685 MEDIUM
Contact Form 7 Redirect & Thank You Page <= 1.0.6 - Unauthenticated Reflected Cross-Site Scripting via Tab Parameter
CVSS 6.1
Details
Vulnerabilities 45,423
Exploit Likelihood High