CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,445 vulnerabilities with CWE-79
CVE-2024-46240 MEDIUM
Collabtive 3.1 - Stored Cross-Site Scripting via admin.php Parameters
CVSS 4.8
CVE-2024-10234 MEDIUM
Red Hat Build of Keycloak - Cross-Site Scripting via Wildfly Deployment System
CVSS 6.1
CVE-2024-9231 MEDIUM
WP-Members Membership Plugin <= 3.4.9.5 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-10189 MEDIUM
Anchor Episodes Index (Spotify for Podcasters) <2.1.10 - XSS
CVSS 6.4
CVE-2024-9591 MEDIUM
Category and Taxonomy Image <= 1.0.0 - Authenticated Stored Cross-Site Scripting via _category_image Parameter
CVSS 5.5
CVE-2024-9590 MEDIUM
Category and Taxonomy Meta Fields <= 1.0.0 - Authenticated Stored Cross-Site Scripting via Image Meta Field
CVSS 5.5
CVE-2024-9589 MEDIUM
Category and Taxonomy Meta Fields <= 1.0.0 - Authenticated Stored Cross-Site Scripting via new_meta_name Parameter
CVSS 5.5
CVE-2024-40088 MEDIUM
Vilo 5 Mesh WiFi System <= 5.16.1.33 - Path Traversal
CVSS 5.3
CVE-2024-30160 MEDIUM
Mitel MiCollab <= 9.7.1.110 - Authenticated Stored Cross-Site Scripting in Suite Applications Services
CVSS 4.8
CVE-2024-30159 MEDIUM
Mitel MiCollab < 9.7.1.110 - Authenticated Stored Cross-Site Scripting in Web Conferencing Component
CVSS 4.8
CVE-2024-48709 MEDIUM
CodeAstro Membership Management System 1.0 - Stored Cross-Site Scripting via membershipType Parameter
CVSS 5.4
CVE-2024-46239 MEDIUM
PHPGurukul Hospital Management System 4.0 - Cross-Site Scripting via docname and adminremark Parameters
CVSS 5.9
CVE-2024-46238 MEDIUM
PHPGurukul Hospital Management System 4.0 - Stored Cross-Site Scripting via docname Parameter
CVSS 5.9
CVE-2024-46236 MEDIUM
CodeAstro Membership Management System 1.0 - Stored Cross-Site Scripting via Address Parameter
CVSS 5.4
CVE-2024-40746 MEDIUM
HikaShop Joomla Component < 5.1.1 - XSS
CVSS 5.4
CVE-2024-10199 LOW
Pharmacy Management System 1.0 - XSS
CVSS 2.4
CVE-2024-10198 LOW
Code-projects Pharmacy Management System 1.0 - XSS
CVSS 2.4
CVE-2024-10197 LOW
Pharmacy Management System 1.0 - XSS
CVSS 2.4
CVE-2024-44061 HIGH
EU/UK VAT Manager for WooCommerce <= 2.12.14 - Cross-Site Scripting
CVSS 7.1
CVE-2024-49631 MEDIUM
Md Abdul Kader Easy Addons for Elementor <1.3.0 - XSS
CVSS 6.5
CVE-2024-49630 MEDIUM
HT Plugins WP Education <1.2.8 - XSS
CVSS 6.5
CVE-2024-49606 HIGH
Dotsquares Google Map Locations <1.0 - XSS
CVSS 7.1
CVE-2024-49334 HIGH
jLayer Parallax Slider < 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-49323 HIGH
All in One Slider <= 1.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-48049 MEDIUM
Mighty Builder <= 1.0.2 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities 45,445
Exploit Likelihood High