CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,430 vulnerabilities with CWE-79
CVE-2024-10187 MEDIUM
myCred < 2.7.5 - Authenticated Stored Cross-Site Scripting via mycred_link Shortcode
CVSS 6.4
CVE-2024-10269 MEDIUM
Easy SVG Support <= 3.7 - Authenticated Stored Cross-Site Scripting via REST API SVG File Upload
CVSS 6.4
CVE-2024-7982 CRITICAL
The Registrations for the Events Calendar <2.12.4 - XSS
CVSS 9.6
CVE-2024-51434 MEDIUM
Froala WYSIWYG Editor <= 4.3.0 - Cross-Site Scripting via Plaintext Tag Parsing
CVSS 6.1
CVE-2024-49524 MEDIUM
Adobe Experience Manager <6.5.20 - XSS
CVSS 5.4
CVE-2024-49523 MEDIUM
Adobe Experience Manager <6.5.20 - XSS
CVSS 5.4
CVE-2024-36064 MEDIUM
com.nll.cb <0.330-playStore-NoAccessibility-arm8 - RCE
CVSS 6.2
CVE-2024-50599 MEDIUM
Zimbra Collaboration Suite 8.8.15 - Reflected Cross-Site Scripting in Webmail Calendar Endpoint
CVSS 6.1
CVE-2024-51994 MEDIUM
Combodo iTop < 2.7.11 - Stored Cross-Site Scripting via Text File Upload
CVSS 5.4
CVE-2024-51989 HIGH
PasswordPusher 1.41.1-1.48.0 - Stored Cross-Site Scripting via Account Confirmation Link
CVSS 7.1
CVE-2024-8442 MEDIUM
Prime Slider - WordPress <3.15.18 - XSS
CVSS 6.4
CVE-2024-10027 MEDIUM
WP Booking Calendar < 10.6.3 - Authenticated Stored Cross-Site Scripting via Widget Settings
CVSS 4.8
CVE-2024-10928 LOW
monocms < 2024-05-28 - Cross-Site Scripting via filtcategory/filtstatus Parameter in opensaved.php
CVSS 3.5
CVE-2024-10927 LOW
monocms < 2024-05-28 - Cross-Site Scripting via account.php userid Parameter
CVSS 3.5
CVE-2024-10926 LOW
IBPhoenix ibWebAdmin <= 1.0.2 - Cross-Site Scripting via toggle_fold_panel.php p Parameter
CVSS 3.5
CVE-2024-51757 CRITICAL
happy-dom < 15.10.2 - Cross-Site Scripting via Script Tag Execution
CVE-2024-50637 MEDIUM
UnoPim < 0.1.4 - Stored Cross-Site Scripting via SVG Upload in Create User Function
CVSS 5.4
CVE-2024-20540 MEDIUM
Cisco Unified Contact Center Management Portal < 12.6(1)_es14 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-20539 MEDIUM
Cisco Identity Services Engine - Authenticated Stored Cross-Site Scripting in Web Management Interface
CVSS 4.8
CVE-2024-20538 MEDIUM
Cisco Identity Services Engine - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-20534 MEDIUM
Cisco IP Phone 6800/7800/8800/9800 & Video Phone 8875 - Authenticated Stored XSS in Web UI
CVSS 4.8
CVE-2024-20533 MEDIUM
Cisco IP Phone 6800/7800/8800/9800 Series & Video Phone 8875 Stored XSS
CVSS 4.8
CVE-2024-20530 MEDIUM
Cisco Identity Services Engine - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-20525 MEDIUM
Cisco Identity Services Engine - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-20514 MEDIUM
Cisco EPNM/Prime Infrastructure - XSS
CVSS 5.4
Details
Vulnerabilities 45,430
Exploit Likelihood High