CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,440 vulnerabilities with CWE-79
CVE-2024-49751
LOW
Press <5d118a902872d7941f099ad1fb918e2421e79ccc - XSS
CVE-2024-10250
MEDIUM
Nioland <= 1.2.6 - Reflected Cross-Site Scripting via 's' Parameter
CVSS 6.1
CVE-2024-10289
MEDIUM
LocalServer 1.0.9 - Cross-Site Scripting via MSubListName Parameter
CVSS 6.1
CVE-2024-10288
MEDIUM
LocalServer 1.0.9 - Cross-Site Scripting via /mlss/SubscribeToList ListName Parameter
CVSS 6.1
CVE-2024-10287
MEDIUM
LocalServer 1.0.9 - Cross-Site Scripting via ForgotPassword ListName Parameter
CVSS 6.1
CVE-2024-10286
MEDIUM
LocalServer 1.0.9 - Cross-Site Scripting via /testmail/index.php to Parameter
CVSS 6.1
CVE-2024-8500
MEDIUM
WP Shortcodes Plugin - Shortcodes Ultimate <= 7.2.2 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-10276
LOW
Telestream Sentry 6.0.9 - Cross-Site Scripting via Reports Page z Parameter
CVSS 3.5
CVE-2024-48656
MEDIUM
student_management_system 1.0.0 - Cross-Site Scripting
CVSS 4.8
CVE-2024-48652
MEDIUM
camaleon_cms 2.7.5 - Stored Cross-Site Scripting via Content Group Name Field
CVSS 4.8
CVE-2024-48415
MEDIUM
Loan Management System 1.0 - Stored Cross-Site Scripting via New Borrower Parameters
CVSS 5.0
CVE-2024-46482
HIGH
Ladybird Web Solution Faveo-Helpdesk <2.0.3 - RCE
CVSS 8.2
CVE-2024-49211
MEDIUM
Archer 6.3.0.0-2024.08 - Unauthenticated Reflected Cross-Site Scripting in Dashboard Listing Page
CVSS 5.2
CVE-2024-49210
MEDIUM
Archer 6.3.0.0-2024.09 - Unauthenticated Reflected Cross-Site Scripting in iView List UX Page
CVSS 5.2
CVE-2024-48708
MEDIUM
Collabtive 3.1 - Stored Cross-Site Scripting via Name Parameter in Tasklist and Admin Actions
CVSS 5.4
CVE-2024-48707
MEDIUM
Collabtive 3.1 - Stored Cross-Site Scripting via Name Parameter in Milestone Management
CVSS 5.4
CVE-2024-48706
MEDIUM
Collabtive 3.1 - Stored Cross-Site Scripting via Title Parameter in managemessage.php and managetask.php
CVSS 5.4
CVE-2024-46538
MEDIUM
pfSense 2.5.2 - Stored Cross-Site Scripting via $pconfig Variable in interfaces_groups_edit.php
CVSS 4.8
CVE-2024-48927
MEDIUM
Umbraco CMS 8.0-8.18.14, 10.0.0-10.8.6, 13.0-13.5.1 - Remote Code Execution via SVG Preview
CVSS 4.6
CVE-2024-47819
MEDIUM
Umbraco CMS 14.0.0-14.3.0 - Cross-Site Scripting in Dictionary Section
CVSS 4.2
CVE-2024-46240
MEDIUM
Collabtive 3.1 - Stored Cross-Site Scripting via admin.php Parameters
CVSS 4.8
CVE-2024-10234
MEDIUM
Red Hat Build of Keycloak - Cross-Site Scripting via Wildfly Deployment System
CVSS 6.1
CVE-2024-9231
MEDIUM
WP-Members Membership Plugin <= 3.4.9.5 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-10189
MEDIUM
Anchor Episodes Index (Spotify for Podcasters) <2.1.10 - XSS
CVSS 6.4
CVE-2024-9591
MEDIUM
Category and Taxonomy Image <= 1.0.0 - Authenticated Stored Cross-Site Scripting via _category_image Parameter
CVSS 5.5
Details
Vulnerabilities
45,440
Exploit Likelihood
High