CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,435 vulnerabilities with CWE-79
CVE-2024-27524 HIGH
Chamilo LMS 1.11.26 - Cross-Site Scripting via new_ticket.php Filename Parameter
CVSS 7.1
CVE-2024-10367 MEDIUM
Otter Blocks < 3.0.4 - Authenticated Stored Cross-Site Scripting via REST API SVG File Upload
CVSS 6.4
CVE-2024-10652 MEDIUM
IDExpert 2.5-2.8 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-10232 MEDIUM
Group Chat & Video Chat by AtomChat <1.1.5 - XSS
CVSS 6.4
CVE-2024-9655 MEDIUM
Gutenberg Blocks with AI by Kadence WP < 3.3.2 - Authenticated Stored Cross-Site Scripting via Icon Widget
CVSS 6.4
CVE-2024-6480 MEDIUM
SIP Reviews Shortcode - WooCommerce <1.2.3 - XSS
CVSS 6.4
CVE-2024-42515 CRITICAL
glossarizer <= 1.5.2 - Stored Cross-Site Scripting via Glossary Entry Injection
CVSS 9.9
CVE-2024-51430 MEDIUM
online diagnostic lab management system using php 1.0 - Cross-Site Scripting via Test Name Parameter
CVSS 6.4
CVE-2024-43933 MEDIUM
WPMobile.App <= 11.48 - Stored Cross-Site Scripting
CVSS 4.3
CVE-2024-9446 MEDIUM
WP Simple Anchors Links <1.0.0 - XSS
CVSS 6.4
CVE-2024-9165 MEDIUM
WooCommerce Gift Cards <=4.4.4 - Authenticated Stored XSS via SVG Upload
CVSS 6.4
CVE-2024-9708 MEDIUM
Easy SVG Upload < 1.1 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-10086 MEDIUM
Consul 1.4.1-1.15.14, 1.16.0-1.19.9 - Reflected Cross-Site Scripting via Content-Type Header Manipulation
CVSS 6.1
CVE-2024-51419 MEDIUM
Ofweek Online Exhibition <1.0.0 - XSS
CVSS 6.1
CVE-2024-48807 MEDIUM
PHPGurukul Doctor Appointment Management System 1.0 - Cross-Site Scripting via Search Parameter
CVSS 5.4
CVE-2024-48648 MEDIUM
Sage FRP 1000 7.0.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-48569 MEDIUM
Proactive Risk Manager <9.1.1.0 - XSS
CVSS 5.4
CVE-2024-31975 MEDIUM
EnGenius EWS356-Fit Firmware <= 1.1.30 - Stored Cross-Site Scripting via Wi-Fi SSID Parameter
CVSS 4.8
CVE-2024-31973 MEDIUM
Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 - Stored Cross-Site Scripting via Network Name (SSID) Input
CVSS 5.2
CVE-2024-31972 MEDIUM
EnGenius ESR580 A8J-EMR5000 - Stored Cross-Site Scripting via Wi-Fi SSID Input Fields
CVSS 4.3
CVE-2024-9110 MEDIUM
BeyondTrust Privileged Identity < 7.4.2 - Reflected Cross-Site Scripting
CVSS 6.4
CVE-2024-9388 MEDIUM
Black Widgets For Elementor <= 1.3.7 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-8444 MEDIUM
Download Manager < 3.3.00 - Cross-Site Scripting via Shortcode Parameters
CVSS 5.4
CVE-2024-10223 MEDIUM
WordPress Team Member Plugin <1.1.4 - XSS
CVSS 6.4
CVE-2024-10108 HIGH
WPAdverts - Classifieds Plugin <2.1.6 - XSS
CVSS 7.2
Details
Vulnerabilities 45,435
Exploit Likelihood High