CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,440 vulnerabilities with CWE-79
CVE-2024-49703 MEDIUM
MagePeople Team Event Manager for WooCommerce <4.2.5 - XSS
CVSS 6.5
CVE-2024-9650 MEDIUM
WP Recipe Maker <= 9.6.1 - Authenticated Stored Cross-Site Scripting via Tooltip Parameter
CVSS 6.5
CVE-2024-9214 MEDIUM
Extra Product Options Builder for WooCommerce <= 1.2.133 - Stored XSS via RednaoSerializedFields
CVSS 6.1
CVE-2024-10176 MEDIUM
Compact WP Audio Player <1.9.13 - XSS
CVSS 6.4
CVE-2024-8312 HIGH
GitLab 15.10-17.3.6, 17.4-17.4.3, 17.5-17.5.1 - Cross-Site Scripting via Global Search Field on Diff View
CVSS 8.7
CVE-2024-8717 MEDIUM
Dear Flipbook <= 2.3.32 - Unauthenticated Reflected XSS via pdf_source Parameter
CVSS 6.1
CVE-2024-9865 MEDIUM
EventPrime <= 4.0.4.7 - Unauthenticated Stored XSS via Booking Attendee Fields
CVSS 6.1
CVE-2024-9864 MEDIUM
EventPrime <= 4.0.4.7 - Unauthenticated Stored XSS via Ticket Names
CVSS 6.1
CVE-2024-9374 MEDIUM
Terms descriptions plugin for WordPress <3.4.6 - XSS
CVSS 6.1
CVE-2024-20415 MEDIUM
Cisco Firepower Management Center - XSS
CVSS 4.8
CVE-2024-20410 MEDIUM
Cisco Firepower Management Center - XSS
CVSS 5.4
CVE-2024-20409 MEDIUM
Cisco Firepower Management Center - XSS
CVSS 4.8
CVE-2024-20403 MEDIUM
Cisco Firepower Management Center - XSS
CVSS 4.8
CVE-2024-20387 MEDIUM
Cisco Firepower Management Center - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-20386 MEDIUM
Cisco Firepower Management Center - XSS
CVSS 4.8
CVE-2024-20377 MEDIUM
Cisco Firepower Management Center - XSS
CVSS 5.4
CVE-2024-20372 MEDIUM
Cisco Firepower Management Center - XSS
CVSS 6.1
CVE-2024-20364 MEDIUM
Cisco Firepower Management Center - XSS
CVSS 4.8
CVE-2024-20341 MEDIUM
Cisco Adaptive Security Appliance Software - Unauthenticated Cross-Site Scripting via VPN Web Client Services
CVSS 6.1
CVE-2024-20300 MEDIUM
Cisco Firepower Management Center - XSS
CVSS 4.8
CVE-2024-20298 MEDIUM
Cisco Firepower Management Center - XSS
CVSS 4.8
CVE-2024-20274 MEDIUM
Cisco Secure Firewall Management Center - XSS
CVSS 5.5
CVE-2024-20273 MEDIUM
Cisco Firepower Management Center - XSS
CVSS 6.1
CVE-2024-20269 MEDIUM
Cisco Firepower Management Center - XSS
CVSS 4.8
CVE-2024-20264 MEDIUM
Cisco Firepower Management Center - XSS
CVSS 4.8
Details
Vulnerabilities 45,440
Exploit Likelihood High