CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,445 vulnerabilities with CWE-79
CVE-2024-46605
MEDIUM
Piwigo < 14.5.0 - Stored Cross-Site Scripting via Album Description Field
CVSS 6.1
CVE-2024-45071
MEDIUM
IBM WebSphere App Server <9.0 - XSS
CVSS 5.5
CVE-2024-20512
MEDIUM
Cisco Unified Contact Center Management Portal 12.6(1) - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-20460
MEDIUM
Cisco ATA 190 Series Firmware < 12.0.2 (ATA 191) / < 11.2.5 (ATA 192) - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-10033
MEDIUM
Red Hat Ansible Automation Platform - Stored Cross-Site Scripting via Gateway Next Parameter
CVSS 6.1
CVE-2024-49265
MEDIUM
Booking.com Banner Creator <= 1.4.6 - Cross-Site Scripting
CVSS 6.5
CVE-2024-49268
HIGH
disconnected < 1.3.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-49267
MEDIUM
nayon46 Unlimited Addon For Elementor <2.0.0 - XSS
CVSS 6.5
CVE-2024-49266
MEDIUM
Thimo Grauerholz WP-Spreadplugin <4.8.9 - XSS
CVSS 5.9
CVE-2024-49270
MEDIUM
Smart Blocks <= 2.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-6380
HIGH
ENOVIA Collaborative Industry Innovator - XSS
CVSS 8.7
CVE-2024-8921
MEDIUM
Zita Elementor Site Library <1.6.3 - XSS
CVSS 6.4
CVE-2024-9444
MEDIUM
ElementsReady Addons for Elementor <= 6.4.3 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-45715
HIGH
SolarWinds Platform < 2024.4 - Cross-Site Scripting via Edit Function
CVSS 7.1
CVE-2024-45714
MEDIUM
SolarWinds Serv-U < 15.4.2.3 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-9582
MEDIUM
Accordion Slider < 1.9.11 - Authenticated Stored Cross-Site Scripting via HTML Attribute
CVSS 6.4
CVE-2024-9937
MEDIUM
Woo Manage Fraud Orders <6.1.7 - XSS
CVSS 6.1
CVE-2024-9888
MEDIUM
ElementInvader Addons for Elementor <= 1.2.8 - Stored XSS via Contact Form Widget
CVSS 5.4
CVE-2024-9873
MEDIUM
The Community by PeepSo - Social Network, Membership, Registration,...
CVSS 5.4
CVE-2024-9652
MEDIUM
WordPress Locatoraid Store Locator <3.9.47 - XSS
CVSS 6.1
CVE-2024-9647
MEDIUM
Kama SpamBlock <= 1.8.2 - Unauthenticated Reflected Cross-Site Scripting via $_POST Values
CVSS 6.1
CVE-2024-9521
MEDIUM
SEO Manager <= 1.9 - Authenticated Stored Cross-Site Scripting via Post Meta
CVSS 6.4
CVE-2024-8787
MEDIUM
WordPress Clover Plugin <1.5.7 - XSS
CVSS 6.1
CVE-2024-8541
MEDIUM
Discount Rules for WooCommerce - WooCommerce <2.6.5 - XSS
CVSS 4.7
CVE-2024-48624
MEDIUM
DomainMOD < 4.12.0 - Reflected Cross-Site Scripting via segid Parameter
CVSS 5.3
Details
Vulnerabilities
45,445
Exploit Likelihood
High