CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,435 vulnerabilities with CWE-79
CVE-2024-51677 MEDIUM
WebberZone Knowledge Base <2.2.0 - XSS
CVSS 6.5
CVE-2024-9147 MEDIUM
Bna Informatics PosPratik < 3.2.1 - Cross-Site Scripting via HTTP Query Strings
CVSS 6.1
CVE-2024-10761 MEDIUM
Umbraco CMS <= 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1 - Cross-Site Scripting via Dashboard Preview Frame Culture Parameter
CVSS 4.3
CVE-2024-10757 LOW
PHPGurukul Online Shopping Portal 2.0 - Cross-Site Scripting via js_data.php Scripts Parameter
CVSS 3.5
CVE-2024-10756 LOW
PHPGurukul Online Shopping Portal 2.0 - Cross-Site Scripting via html_table.php Scripts Argument
CVSS 3.5
CVE-2024-10755 LOW
PHPGurukul Online Shopping Portal 2.0 - Cross-Site Scripting in empty_table.php
CVSS 3.5
CVE-2024-10754 LOW
PHPGurukul Online Shopping Portal 2.0 - Cross-Site Scripting in dymanic_table.php
CVSS 3.5
CVE-2024-10753 LOW
PHPGurukul Online Shopping Portal 2.0 - Cross-Site Scripting in dom_data_two_headers.php
CVSS 3.5
CVE-2024-10747 LOW
PHPGurukul Online Shopping Portal 2.0 - Cross-Site Scripting in dom_data_th.php
CVSS 3.5
CVE-2024-10746 LOW
PHPGurukul Online Shopping Portal 2.0 - Cross-Site Scripting in dom_data.php
CVSS 3.5
CVE-2024-10745 LOW
PHPGurukul Online Shopping Portal 2.0 - Cross-Site Scripting in deferred_table.php
CVSS 3.5
CVE-2024-10744 LOW
PHPGurukul Online Shopping Portal 2.0 - Cross-Site Scripting via complex_header_2.php Scripts Argument
CVSS 3.5
CVE-2024-10743 LOW
PHPGurukul Online Shopping Portal 2.0 - Cross-Site Scripting in editable_ajax.php
CVSS 3.5
CVE-2024-10701 LOW
PHPGurukul Car Rental Portal 1.0 - Cross-Site Scripting via search.php searchdata Parameter
CVSS 3.5
CVE-2024-9896 MEDIUM
BBP Core < 1.2.6 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9868 MEDIUM
Element Pack Elementor Addons <= 5.10.1 - Authenticated Stored Cross-Site Scripting via Age Gate Widget URL Parameter
CVSS 5.4
CVE-2024-8739 MEDIUM
ReCaptcha Integration for WordPress <= 1.2.5 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-10310 MEDIUM
Element Pack Elementor Addons < 5.10.1 - Authenticated Stored XSS via Custom Gallery Widget
CVSS 6.4
CVE-2024-51492 HIGH
zusam < 0.5.6 - Stored Cross-Site Scripting via SVG File Upload
CVSS 8.8
CVE-2024-48410 MEDIUM
Camtrace 9.16.2.1 - Cross-Site Scripting via login.php
CVSS 6.1
CVE-2024-41745 MEDIUM
IBM CICS TX Standard - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-51432 MEDIUM
FiberHome HG6544C RP2743 - Stored Cross-Site Scripting via SSID Field
CVSS 4.8
CVE-2024-51377 MEDIUM
Faveo Helpdesk 9.2.0 - Stored Cross-Site Scripting via Subject and Identifier Fields
CVSS 5.4
CVE-2024-43211 MEDIUM
PluginOps MailChimp Subscribe Forms <4.0.9.9 - XSS
CVSS 5.9
CVE-2024-27525 MEDIUM
Chamilo LMS 1.11.26 - Cross-Site Scripting via home.php Filename Parameter
CVSS 4.6
Details
Vulnerabilities 45,435
Exploit Likelihood High