CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,445 vulnerabilities with CWE-79
CVE-2024-46605 MEDIUM
Piwigo < 14.5.0 - Stored Cross-Site Scripting via Album Description Field
CVSS 6.1
CVE-2024-45071 MEDIUM
IBM WebSphere App Server <9.0 - XSS
CVSS 5.5
CVE-2024-20512 MEDIUM
Cisco Unified Contact Center Management Portal 12.6(1) - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-20460 MEDIUM
Cisco ATA 190 Series Firmware < 12.0.2 (ATA 191) / < 11.2.5 (ATA 192) - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-10033 MEDIUM
Red Hat Ansible Automation Platform - Stored Cross-Site Scripting via Gateway Next Parameter
CVSS 6.1
CVE-2024-49265 MEDIUM
Booking.com Banner Creator <= 1.4.6 - Cross-Site Scripting
CVSS 6.5
CVE-2024-49268 HIGH
disconnected < 1.3.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-49267 MEDIUM
nayon46 Unlimited Addon For Elementor <2.0.0 - XSS
CVSS 6.5
CVE-2024-49266 MEDIUM
Thimo Grauerholz WP-Spreadplugin <4.8.9 - XSS
CVSS 5.9
CVE-2024-49270 MEDIUM
Smart Blocks <= 2.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-6380 HIGH
ENOVIA Collaborative Industry Innovator - XSS
CVSS 8.7
CVE-2024-8921 MEDIUM
Zita Elementor Site Library <1.6.3 - XSS
CVSS 6.4
CVE-2024-9444 MEDIUM
ElementsReady Addons for Elementor <= 6.4.3 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-45715 HIGH
SolarWinds Platform < 2024.4 - Cross-Site Scripting via Edit Function
CVSS 7.1
CVE-2024-45714 MEDIUM
SolarWinds Serv-U < 15.4.2.3 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-9582 MEDIUM
Accordion Slider < 1.9.11 - Authenticated Stored Cross-Site Scripting via HTML Attribute
CVSS 6.4
CVE-2024-9937 MEDIUM
Woo Manage Fraud Orders <6.1.7 - XSS
CVSS 6.1
CVE-2024-9888 MEDIUM
ElementInvader Addons for Elementor <= 1.2.8 - Stored XSS via Contact Form Widget
CVSS 5.4
CVE-2024-9873 MEDIUM
The Community by PeepSo - Social Network, Membership, Registration,...
CVSS 5.4
CVE-2024-9652 MEDIUM
WordPress Locatoraid Store Locator <3.9.47 - XSS
CVSS 6.1
CVE-2024-9647 MEDIUM
Kama SpamBlock <= 1.8.2 - Unauthenticated Reflected Cross-Site Scripting via $_POST Values
CVSS 6.1
CVE-2024-9521 MEDIUM
SEO Manager <= 1.9 - Authenticated Stored Cross-Site Scripting via Post Meta
CVSS 6.4
CVE-2024-8787 MEDIUM
WordPress Clover Plugin <1.5.7 - XSS
CVSS 6.1
CVE-2024-8541 MEDIUM
Discount Rules for WooCommerce - WooCommerce <2.6.5 - XSS
CVSS 4.7
CVE-2024-48624 MEDIUM
DomainMOD < 4.12.0 - Reflected Cross-Site Scripting via segid Parameter
CVSS 5.3
Details
Vulnerabilities 45,445
Exploit Likelihood High