CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,445 vulnerabilities with CWE-79
CVE-2024-46240
MEDIUM
Collabtive 3.1 - Stored Cross-Site Scripting via admin.php Parameters
CVSS 4.8
CVE-2024-10234
MEDIUM
Red Hat Build of Keycloak - Cross-Site Scripting via Wildfly Deployment System
CVSS 6.1
CVE-2024-9231
MEDIUM
WP-Members Membership Plugin <= 3.4.9.5 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-10189
MEDIUM
Anchor Episodes Index (Spotify for Podcasters) <2.1.10 - XSS
CVSS 6.4
CVE-2024-9591
MEDIUM
Category and Taxonomy Image <= 1.0.0 - Authenticated Stored Cross-Site Scripting via _category_image Parameter
CVSS 5.5
CVE-2024-9590
MEDIUM
Category and Taxonomy Meta Fields <= 1.0.0 - Authenticated Stored Cross-Site Scripting via Image Meta Field
CVSS 5.5
CVE-2024-9589
MEDIUM
Category and Taxonomy Meta Fields <= 1.0.0 - Authenticated Stored Cross-Site Scripting via new_meta_name Parameter
CVSS 5.5
CVE-2024-40088
MEDIUM
Vilo 5 Mesh WiFi System <= 5.16.1.33 - Path Traversal
CVSS 5.3
CVE-2024-30160
MEDIUM
Mitel MiCollab <= 9.7.1.110 - Authenticated Stored Cross-Site Scripting in Suite Applications Services
CVSS 4.8
CVE-2024-30159
MEDIUM
Mitel MiCollab < 9.7.1.110 - Authenticated Stored Cross-Site Scripting in Web Conferencing Component
CVSS 4.8
CVE-2024-48709
MEDIUM
CodeAstro Membership Management System 1.0 - Stored Cross-Site Scripting via membershipType Parameter
CVSS 5.4
CVE-2024-46239
MEDIUM
PHPGurukul Hospital Management System 4.0 - Cross-Site Scripting via docname and adminremark Parameters
CVSS 5.9
CVE-2024-46238
MEDIUM
PHPGurukul Hospital Management System 4.0 - Stored Cross-Site Scripting via docname Parameter
CVSS 5.9
CVE-2024-46236
MEDIUM
CodeAstro Membership Management System 1.0 - Stored Cross-Site Scripting via Address Parameter
CVSS 5.4
CVE-2024-40746
MEDIUM
HikaShop Joomla Component < 5.1.1 - XSS
CVSS 5.4
CVE-2024-10199
LOW
Pharmacy Management System 1.0 - XSS
CVSS 2.4
CVE-2024-10198
LOW
Code-projects Pharmacy Management System 1.0 - XSS
CVSS 2.4
CVE-2024-10197
LOW
Pharmacy Management System 1.0 - XSS
CVSS 2.4
CVE-2024-44061
HIGH
EU/UK VAT Manager for WooCommerce <= 2.12.14 - Cross-Site Scripting
CVSS 7.1
CVE-2024-49631
MEDIUM
Md Abdul Kader Easy Addons for Elementor <1.3.0 - XSS
CVSS 6.5
CVE-2024-49630
MEDIUM
HT Plugins WP Education <1.2.8 - XSS
CVSS 6.5
CVE-2024-49606
HIGH
Dotsquares Google Map Locations <1.0 - XSS
CVSS 7.1
CVE-2024-49334
HIGH
jLayer Parallax Slider < 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-49323
HIGH
All in One Slider <= 1.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-48049
MEDIUM
Mighty Builder <= 1.0.2 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities
45,445
Exploit Likelihood
High