CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,423 vulnerabilities with CWE-79
CVE-2024-10538
MEDIUM
Happy Addons for Elementor <= 3.12.5 - Authenticated Stored Cross-Site Scripting via Image Comparison Widget
CVSS 6.4
CVE-2024-51213
MEDIUM
Online Shop Store 1.0 - Cross-Site Scripting via login.php
CVSS 6.1
CVE-2024-50601
MEDIUM
Axigen Mail Server <= 10.5.28 - Stored and Reflected Cross-Site Scripting via ThemeMode Cookie and _h URL Parameter
CVSS 6.1
CVE-2024-51026
MEDIUM
NetAdmin IAM 4.0.30319 - Cross-Site Scripting via BalloonSave.ashx Content Parameter
CVSS 5.4
CVE-2024-52286
LOW
Stirling-PDF < 0.32.0 - Unauthenticated Stored Cross-Site Scripting via Merge Filename
CVE-2024-51490
MEDIUM
Ampache - Stored Cross-Site Scripting via Custom URL Logo Input
CVSS 5.5
CVE-2024-51486
MEDIUM
Ampache - Stored Cross-Site Scripting via Custom URL Favicon Input
CVSS 5.5
CVE-2024-51190
MEDIUM
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, TEW-652BRU 1.00b12 - Stored XSS via ptRule_ApplicationName_1.1.6.0.0
CVSS 4.8
CVE-2024-51189
MEDIUM
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, TEW-652BRU 1.00b12 - Stored XSS via macList_Name_1.1.1.0.0
CVSS 4.8
CVE-2024-51188
MEDIUM
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, TEW-652BRU 1.00b12 - Stored XSS via Virtual Server Name
CVSS 4.8
CVE-2024-51187
MEDIUM
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, TEW-652BRU 1.00b12 - Stored XSS via Firewall Rule Name
CVSS 4.8
CVE-2024-11078
LOW
Job Recruitment 1.0 - Cross-Site Scripting via /register.php e/role Parameter
CVSS 3.5
CVE-2024-51135
CRITICAL
powertac-server 1.9.0 - XML External Entity Injection via DocumentBuilderFactory
CVSS 9.8
CVE-2024-45087
MEDIUM
IBM WebSphere App Server 8.5-9.0 - XSS
CVSS 4.8
CVE-2024-45088
MEDIUM
IBM Maximo Asset Mgmt <7.6.1.3 - XSS
CVSS 6.4
CVE-2024-43439
MEDIUM
Moodle < 4.1.12 - Reflected Cross-Site Scripting in H5P Error Messages
CVSS 5.4
CVE-2024-51054
MEDIUM
PHPGurukul Online Marriage Registration System 1.0 - Cross-Site Scripting via Search Parameter
CVSS 4.8
CVE-2024-50991
MEDIUM
PHPGurukul User Management System v1.0 - Stored Cross-Site Scripting via fname Parameter
CVSS 4.8
CVE-2024-50990
MEDIUM
PHPGurukul Online Marriage Registration System 1.0 - Reflected Cross-Site Scripting via searchdata Parameter
CVSS 6.1
CVE-2024-11070
LOW
PublicCMS 5.202406.d - Cross-Site Scripting in Tag Type Handler via Name Argument
CVSS 3.5
CVE-2024-43437
MEDIUM
moodle <4.1.12 and 4.4.0-4.4.2 - Stored Cross-Site Scripting via Malicious Backup File Restore
CVSS 5.4
CVE-2024-11021
MEDIUM
Vice Webopac 6-6.5.1 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-52355
MEDIUM
Hyumika OSM - Cross-Site Scripting
CVSS 6.5
CVE-2024-52354
MEDIUM
Cool Plugins Web Stories Widgets For Elementor - XSS
CVSS 6.5
CVE-2024-52353
MEDIUM
Christian Science Bible Lesson Subjects <2.0 - XSS
CVSS 6.5
Details
Vulnerabilities
45,423
Exploit Likelihood
High