CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,435 vulnerabilities with CWE-79
CVE-2024-27524
HIGH
Chamilo LMS 1.11.26 - Cross-Site Scripting via new_ticket.php Filename Parameter
CVSS 7.1
CVE-2024-10367
MEDIUM
Otter Blocks < 3.0.4 - Authenticated Stored Cross-Site Scripting via REST API SVG File Upload
CVSS 6.4
CVE-2024-10652
MEDIUM
IDExpert 2.5-2.8 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-10232
MEDIUM
Group Chat & Video Chat by AtomChat <1.1.5 - XSS
CVSS 6.4
CVE-2024-9655
MEDIUM
Gutenberg Blocks with AI by Kadence WP < 3.3.2 - Authenticated Stored Cross-Site Scripting via Icon Widget
CVSS 6.4
CVE-2024-6480
MEDIUM
SIP Reviews Shortcode - WooCommerce <1.2.3 - XSS
CVSS 6.4
CVE-2024-42515
CRITICAL
glossarizer <= 1.5.2 - Stored Cross-Site Scripting via Glossary Entry Injection
CVSS 9.9
CVE-2024-51430
MEDIUM
online diagnostic lab management system using php 1.0 - Cross-Site Scripting via Test Name Parameter
CVSS 6.4
CVE-2024-43933
MEDIUM
WPMobile.App <= 11.48 - Stored Cross-Site Scripting
CVSS 4.3
CVE-2024-9446
MEDIUM
WP Simple Anchors Links <1.0.0 - XSS
CVSS 6.4
CVE-2024-9165
MEDIUM
WooCommerce Gift Cards <=4.4.4 - Authenticated Stored XSS via SVG Upload
CVSS 6.4
CVE-2024-9708
MEDIUM
Easy SVG Upload < 1.1 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-10086
MEDIUM
Consul 1.4.1-1.15.14, 1.16.0-1.19.9 - Reflected Cross-Site Scripting via Content-Type Header Manipulation
CVSS 6.1
CVE-2024-51419
MEDIUM
Ofweek Online Exhibition <1.0.0 - XSS
CVSS 6.1
CVE-2024-48807
MEDIUM
PHPGurukul Doctor Appointment Management System 1.0 - Cross-Site Scripting via Search Parameter
CVSS 5.4
CVE-2024-48648
MEDIUM
Sage FRP 1000 7.0.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-48569
MEDIUM
Proactive Risk Manager <9.1.1.0 - XSS
CVSS 5.4
CVE-2024-31975
MEDIUM
EnGenius EWS356-Fit Firmware <= 1.1.30 - Stored Cross-Site Scripting via Wi-Fi SSID Parameter
CVSS 4.8
CVE-2024-31973
MEDIUM
Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 - Stored Cross-Site Scripting via Network Name (SSID) Input
CVSS 5.2
CVE-2024-31972
MEDIUM
EnGenius ESR580 A8J-EMR5000 - Stored Cross-Site Scripting via Wi-Fi SSID Input Fields
CVSS 4.3
CVE-2024-9110
MEDIUM
BeyondTrust Privileged Identity < 7.4.2 - Reflected Cross-Site Scripting
CVSS 6.4
CVE-2024-9388
MEDIUM
Black Widgets For Elementor <= 1.3.7 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-8444
MEDIUM
Download Manager < 3.3.00 - Cross-Site Scripting via Shortcode Parameters
CVSS 5.4
CVE-2024-10223
MEDIUM
WordPress Team Member Plugin <1.1.4 - XSS
CVSS 6.4
CVE-2024-10108
HIGH
WPAdverts - Classifieds Plugin <2.1.6 - XSS
CVSS 7.2
Details
Vulnerabilities
45,435
Exploit Likelihood
High