CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,435 vulnerabilities with CWE-79
CVE-2024-51677
MEDIUM
WebberZone Knowledge Base <2.2.0 - XSS
CVSS 6.5
CVE-2024-9147
MEDIUM
Bna Informatics PosPratik < 3.2.1 - Cross-Site Scripting via HTTP Query Strings
CVSS 6.1
CVE-2024-10761
MEDIUM
Umbraco CMS <= 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1 - Cross-Site Scripting via Dashboard Preview Frame Culture Parameter
CVSS 4.3
CVE-2024-10757
LOW
PHPGurukul Online Shopping Portal 2.0 - Cross-Site Scripting via js_data.php Scripts Parameter
CVSS 3.5
CVE-2024-10756
LOW
PHPGurukul Online Shopping Portal 2.0 - Cross-Site Scripting via html_table.php Scripts Argument
CVSS 3.5
CVE-2024-10755
LOW
PHPGurukul Online Shopping Portal 2.0 - Cross-Site Scripting in empty_table.php
CVSS 3.5
CVE-2024-10754
LOW
PHPGurukul Online Shopping Portal 2.0 - Cross-Site Scripting in dymanic_table.php
CVSS 3.5
CVE-2024-10753
LOW
PHPGurukul Online Shopping Portal 2.0 - Cross-Site Scripting in dom_data_two_headers.php
CVSS 3.5
CVE-2024-10747
LOW
PHPGurukul Online Shopping Portal 2.0 - Cross-Site Scripting in dom_data_th.php
CVSS 3.5
CVE-2024-10746
LOW
PHPGurukul Online Shopping Portal 2.0 - Cross-Site Scripting in dom_data.php
CVSS 3.5
CVE-2024-10745
LOW
PHPGurukul Online Shopping Portal 2.0 - Cross-Site Scripting in deferred_table.php
CVSS 3.5
CVE-2024-10744
LOW
PHPGurukul Online Shopping Portal 2.0 - Cross-Site Scripting via complex_header_2.php Scripts Argument
CVSS 3.5
CVE-2024-10743
LOW
PHPGurukul Online Shopping Portal 2.0 - Cross-Site Scripting in editable_ajax.php
CVSS 3.5
CVE-2024-10701
LOW
PHPGurukul Car Rental Portal 1.0 - Cross-Site Scripting via search.php searchdata Parameter
CVSS 3.5
CVE-2024-9896
MEDIUM
BBP Core < 1.2.6 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9868
MEDIUM
Element Pack Elementor Addons <= 5.10.1 - Authenticated Stored Cross-Site Scripting via Age Gate Widget URL Parameter
CVSS 5.4
CVE-2024-8739
MEDIUM
ReCaptcha Integration for WordPress <= 1.2.5 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-10310
MEDIUM
Element Pack Elementor Addons < 5.10.1 - Authenticated Stored XSS via Custom Gallery Widget
CVSS 6.4
CVE-2024-51492
HIGH
zusam < 0.5.6 - Stored Cross-Site Scripting via SVG File Upload
CVSS 8.8
CVE-2024-48410
MEDIUM
Camtrace 9.16.2.1 - Cross-Site Scripting via login.php
CVSS 6.1
CVE-2024-41745
MEDIUM
IBM CICS TX Standard - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-51432
MEDIUM
FiberHome HG6544C RP2743 - Stored Cross-Site Scripting via SSID Field
CVSS 4.8
CVE-2024-51377
MEDIUM
Faveo Helpdesk 9.2.0 - Stored Cross-Site Scripting via Subject and Identifier Fields
CVSS 5.4
CVE-2024-43211
MEDIUM
PluginOps MailChimp Subscribe Forms <4.0.9.9 - XSS
CVSS 5.9
CVE-2024-27525
MEDIUM
Chamilo LMS 1.11.26 - Cross-Site Scripting via home.php Filename Parameter
CVSS 4.6
Details
Vulnerabilities
45,435
Exploit Likelihood
High