CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,430 vulnerabilities with CWE-79
CVE-2024-20511
MEDIUM
Cisco Unified Communications Manager - Unauthenticated Stored Cross-Site Scripting via Web Interface Input
CVSS 6.1
CVE-2024-20487
MEDIUM
Cisco Identity Services Engine - Authenticated Stored Cross-Site Scripting in Web Management Interface
CVSS 4.3
CVE-2024-35146
MEDIUM
IBM Maximo Application Suite Monitor 8.10.11, 8.11.8, 9.0.0 - Unauthenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-10186
MEDIUM
Event post < 5.9.7 - Authenticated Stored Cross-Site Scripting via events_cal Shortcode
CVSS 6.4
CVE-2024-8323
MEDIUM
Pricing Tables WordPress Plugin <3.2.6 - XSS
CVSS 6.4
CVE-2024-10168
MEDIUM
Active Products Tables for WooCommerce < 1.0.6.4 - Authenticated Stored Cross-Site Scripting via woot_button Shortcode
CVSS 6.4
CVE-2024-10715
MEDIUM
MapPress Maps for WordPress <= 2.94.1 - Authenticated Stored Cross-Site Scripting via Map Block Attributes
CVSS 6.4
CVE-2024-9934
MEDIUM
Wp-ImageZoom < 1.1.0 - Reflected Cross-Site Scripting via Unsanitized Parameters
CVSS 6.1
CVE-2024-7879
MEDIUM
WP ULike < 4.7.5 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-10647
MEDIUM
WS Form LITE < 1.9.244 - Unauthenticated Reflected Cross-Site Scripting via remove_query_arg
CVSS 6.1
CVE-2024-51735
HIGH
Osmedeus <= 4.6.4 - Cross-Site Scripting in Workflow Result Report
CVE-2024-51380
HIGH
JATOS 3.9.3 - Stored Cross-Site Scripting in Properties Component UUID Field
CVSS 8.4
CVE-2024-51379
HIGH
JATOS 3.9.3 - Stored Cross-Site Scripting in Study Description Component
CVSS 8.4
CVE-2024-50335
MEDIUM
SuiteCRM < 7.14.6 - Reflected Cross-Site Scripting via Publish Key Field
CVSS 4.9
CVE-2024-49377
MEDIUM
OctoPrint <= 1.10.2 - Reflected Cross-Site Scripting in Login and Application Key Dialogs
CVSS 5.5
CVE-2024-48312
MEDIUM
WebLaudos v20.8 (118) - Cross-Site Scripting via Login Page
CVSS 5.4
CVE-2024-10842
LOW
romadebrian WEB-Sekolah 1.0 - Cross-Site Scripting via Username_Baru/Password Parameter
CVSS 2.4
CVE-2024-10840
LOW
romadebrian WEB-Sekolah 1.0 - Cross-Site Scripting via kode Parameter in Backend
CVSS 2.4
CVE-2024-9867
MEDIUM
Element Pack Elementor Addons <= 5.10.2 - Authenticated Stored Cross-Site Scripting via Open Map Widget Marker Content
CVSS 5.4
CVE-2024-9657
MEDIUM
Element Pack Elementor Addons <= 5.10.2 - Authenticated Stored Cross-Site Scripting via Tooltip Parameter
CVSS 6.5
CVE-2024-9178
MEDIUM
XT Floating Cart for WooCommerce <= 2.8.2 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9878
MEDIUM
Photo Gallery by 10Web < 1.8.30 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2024-9667
MEDIUM
Seriously Simple Podcasting <= 3.5.0 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9443
MEDIUM
Basticom Framework <= 1.5.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9883
MEDIUM
Pods WordPress Plugin < 3.2.7.1 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
Details
Vulnerabilities
45,430
Exploit Likelihood
High