CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,440 vulnerabilities with CWE-79
CVE-2024-49751 LOW
Press <5d118a902872d7941f099ad1fb918e2421e79ccc - XSS
CVE-2024-10250 MEDIUM
Nioland <= 1.2.6 - Reflected Cross-Site Scripting via 's' Parameter
CVSS 6.1
CVE-2024-10289 MEDIUM
LocalServer 1.0.9 - Cross-Site Scripting via MSubListName Parameter
CVSS 6.1
CVE-2024-10288 MEDIUM
LocalServer 1.0.9 - Cross-Site Scripting via /mlss/SubscribeToList ListName Parameter
CVSS 6.1
CVE-2024-10287 MEDIUM
LocalServer 1.0.9 - Cross-Site Scripting via ForgotPassword ListName Parameter
CVSS 6.1
CVE-2024-10286 MEDIUM
LocalServer 1.0.9 - Cross-Site Scripting via /testmail/index.php to Parameter
CVSS 6.1
CVE-2024-8500 MEDIUM
WP Shortcodes Plugin - Shortcodes Ultimate <= 7.2.2 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-10276 LOW
Telestream Sentry 6.0.9 - Cross-Site Scripting via Reports Page z Parameter
CVSS 3.5
CVE-2024-48656 MEDIUM
student_management_system 1.0.0 - Cross-Site Scripting
CVSS 4.8
CVE-2024-48652 MEDIUM
camaleon_cms 2.7.5 - Stored Cross-Site Scripting via Content Group Name Field
CVSS 4.8
CVE-2024-48415 MEDIUM
Loan Management System 1.0 - Stored Cross-Site Scripting via New Borrower Parameters
CVSS 5.0
CVE-2024-46482 HIGH
Ladybird Web Solution Faveo-Helpdesk <2.0.3 - RCE
CVSS 8.2
CVE-2024-49211 MEDIUM
Archer 6.3.0.0-2024.08 - Unauthenticated Reflected Cross-Site Scripting in Dashboard Listing Page
CVSS 5.2
CVE-2024-49210 MEDIUM
Archer 6.3.0.0-2024.09 - Unauthenticated Reflected Cross-Site Scripting in iView List UX Page
CVSS 5.2
CVE-2024-48708 MEDIUM
Collabtive 3.1 - Stored Cross-Site Scripting via Name Parameter in Tasklist and Admin Actions
CVSS 5.4
CVE-2024-48707 MEDIUM
Collabtive 3.1 - Stored Cross-Site Scripting via Name Parameter in Milestone Management
CVSS 5.4
CVE-2024-48706 MEDIUM
Collabtive 3.1 - Stored Cross-Site Scripting via Title Parameter in managemessage.php and managetask.php
CVSS 5.4
CVE-2024-46538 MEDIUM
pfSense 2.5.2 - Stored Cross-Site Scripting via $pconfig Variable in interfaces_groups_edit.php
CVSS 4.8
CVE-2024-48927 MEDIUM
Umbraco CMS 8.0-8.18.14, 10.0.0-10.8.6, 13.0-13.5.1 - Remote Code Execution via SVG Preview
CVSS 4.6
CVE-2024-47819 MEDIUM
Umbraco CMS 14.0.0-14.3.0 - Cross-Site Scripting in Dictionary Section
CVSS 4.2
CVE-2024-46240 MEDIUM
Collabtive 3.1 - Stored Cross-Site Scripting via admin.php Parameters
CVSS 4.8
CVE-2024-10234 MEDIUM
Red Hat Build of Keycloak - Cross-Site Scripting via Wildfly Deployment System
CVSS 6.1
CVE-2024-9231 MEDIUM
WP-Members Membership Plugin <= 3.4.9.5 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-10189 MEDIUM
Anchor Episodes Index (Spotify for Podcasters) <2.1.10 - XSS
CVSS 6.4
CVE-2024-9591 MEDIUM
Category and Taxonomy Image <= 1.0.0 - Authenticated Stored Cross-Site Scripting via _category_image Parameter
CVSS 5.5
Details
Vulnerabilities 45,440
Exploit Likelihood High