CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,430 vulnerabilities with CWE-79
CVE-2024-10187
MEDIUM
myCred < 2.7.5 - Authenticated Stored Cross-Site Scripting via mycred_link Shortcode
CVSS 6.4
CVE-2024-10269
MEDIUM
Easy SVG Support <= 3.7 - Authenticated Stored Cross-Site Scripting via REST API SVG File Upload
CVSS 6.4
CVE-2024-7982
CRITICAL
The Registrations for the Events Calendar <2.12.4 - XSS
CVSS 9.6
CVE-2024-51434
MEDIUM
Froala WYSIWYG Editor <= 4.3.0 - Cross-Site Scripting via Plaintext Tag Parsing
CVSS 6.1
CVE-2024-49524
MEDIUM
Adobe Experience Manager <6.5.20 - XSS
CVSS 5.4
CVE-2024-49523
MEDIUM
Adobe Experience Manager <6.5.20 - XSS
CVSS 5.4
CVE-2024-36064
MEDIUM
com.nll.cb <0.330-playStore-NoAccessibility-arm8 - RCE
CVSS 6.2
CVE-2024-50599
MEDIUM
Zimbra Collaboration Suite 8.8.15 - Reflected Cross-Site Scripting in Webmail Calendar Endpoint
CVSS 6.1
CVE-2024-51994
MEDIUM
Combodo iTop < 2.7.11 - Stored Cross-Site Scripting via Text File Upload
CVSS 5.4
CVE-2024-51989
HIGH
PasswordPusher 1.41.1-1.48.0 - Stored Cross-Site Scripting via Account Confirmation Link
CVSS 7.1
CVE-2024-8442
MEDIUM
Prime Slider - WordPress <3.15.18 - XSS
CVSS 6.4
CVE-2024-10027
MEDIUM
WP Booking Calendar < 10.6.3 - Authenticated Stored Cross-Site Scripting via Widget Settings
CVSS 4.8
CVE-2024-10928
LOW
monocms < 2024-05-28 - Cross-Site Scripting via filtcategory/filtstatus Parameter in opensaved.php
CVSS 3.5
CVE-2024-10927
LOW
monocms < 2024-05-28 - Cross-Site Scripting via account.php userid Parameter
CVSS 3.5
CVE-2024-10926
LOW
IBPhoenix ibWebAdmin <= 1.0.2 - Cross-Site Scripting via toggle_fold_panel.php p Parameter
CVSS 3.5
CVE-2024-51757
CRITICAL
happy-dom < 15.10.2 - Cross-Site Scripting via Script Tag Execution
CVE-2024-50637
MEDIUM
UnoPim < 0.1.4 - Stored Cross-Site Scripting via SVG Upload in Create User Function
CVSS 5.4
CVE-2024-20540
MEDIUM
Cisco Unified Contact Center Management Portal < 12.6(1)_es14 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-20539
MEDIUM
Cisco Identity Services Engine - Authenticated Stored Cross-Site Scripting in Web Management Interface
CVSS 4.8
CVE-2024-20538
MEDIUM
Cisco Identity Services Engine - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-20534
MEDIUM
Cisco IP Phone 6800/7800/8800/9800 & Video Phone 8875 - Authenticated Stored XSS in Web UI
CVSS 4.8
CVE-2024-20533
MEDIUM
Cisco IP Phone 6800/7800/8800/9800 Series & Video Phone 8875 Stored XSS
CVSS 4.8
CVE-2024-20530
MEDIUM
Cisco Identity Services Engine - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-20525
MEDIUM
Cisco Identity Services Engine - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-20514
MEDIUM
Cisco EPNM/Prime Infrastructure - XSS
CVSS 5.4
Details
Vulnerabilities
45,430
Exploit Likelihood
High