CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,450 vulnerabilities with CWE-79
CVE-2024-9647 MEDIUM
Kama SpamBlock <= 1.8.2 - Unauthenticated Reflected Cross-Site Scripting via $_POST Values
CVSS 6.1
CVE-2024-9521 MEDIUM
SEO Manager <= 1.9 - Authenticated Stored Cross-Site Scripting via Post Meta
CVSS 6.4
CVE-2024-8787 MEDIUM
WordPress Clover Plugin <1.5.7 - XSS
CVSS 6.1
CVE-2024-8541 MEDIUM
Discount Rules for WooCommerce - WooCommerce <2.6.5 - XSS
CVSS 4.7
CVE-2024-48624 MEDIUM
DomainMOD < 4.12.0 - Reflected Cross-Site Scripting via segid Parameter
CVSS 5.3
CVE-2024-48623 MEDIUM
DomainMOD < 4.12.0 - Reflected Cross-Site Scripting via list_id and domain_id Parameters
CVSS 5.3
CVE-2024-48622 MEDIUM
DomainMOD < 4.12.0 - Cross-Site Scripting via admin/domain-fields/edit.php cdfid Parameter
CVSS 6.6
CVE-2024-9895 MEDIUM
Smart Online Order for Clover <= 1.5.7 - Authenticated Stored Cross-Site Scripting via moo_receipt_link Shortcode
CVSS 6.4
CVE-2024-9944 MEDIUM
WooCommerce <= 9.0.2 - Unauthenticated HTML Injection via Order Form Submission
CVSS 5.3
CVE-2024-21535 MEDIUM
markdown-to-jsx < 7.4.0 - Cross-Site Scripting via src Property
CVSS 6.1
CVE-2024-9969 MEDIUM
NewType WebEIP v3.0 - Reflected Cross-Site Scripting
CVSS 5.4
CVE-2024-9952 LOW
SourceCodester Online Eyewear Shop 1.0 - XSS
CVSS 2.4
CVE-2024-9548 HIGH
SlimStat Analytics <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting via Resource Parameter
CVSS 7.2
CVE-2024-48821 MEDIUM
Automatic Systems Maintenance SlimLane - XSS
CVSS 6.1
CVE-2024-47885 MEDIUM
Astro 3.0.0-4.16.0 - Cross-Site Scripting via DOM Clobbering in Client-Side Router
CVSS 5.9
CVE-2024-47826 LOW
elabftw < 5.1.5 - HTML Injection via Extended Search String
CVSS 3.5
CVE-2024-46980 MEDIUM
Tuleap < 15.12-6 and < 15.13.99.37 - Cross-Site Scripting via Artifact Link Type Forward Label
CVSS 4.8
CVE-2024-45741 MEDIUM
Splunk 9.1.0-9.1.5 and 9.1.2312-9.1.2312.204 - Stored Cross-Site Scripting via Custom Configuration File
CVSS 5.4
CVE-2024-45740 MEDIUM
Splunk Enterprise < 9.2.3, 9.1.0-9.1.6 & Splunk Cloud Platform < 9.2.2403 - Stored XSS via Scheduled Views
CVSS 5.4
CVE-2024-48120 MEDIUM
X2CRM 8.5 - Authenticated Stored Cross-Site Scripting in Opportunities Module Name Field
CVSS 5.4
CVE-2024-48119 MEDIUM
vtiger CRM v8.2.0 - Authenticated HTML Injection via Module Parameter
CVSS 5.4
CVE-2024-9906 LOW
SourceCodester Online Eyewear Shop 1.0 - Cross-Site Scripting via Inventory View Code Parameter
CVSS 3.5
CVE-2024-9696 MEDIUM
Rescue Shortcodes <= 2.8 - Authenticated Stored Cross-Site Scripting via rescue_tab Shortcode
CVSS 6.4
CVE-2024-9595 MEDIUM
TablePress <= 2.4.2 - Authenticated Stored Cross-Site Scripting via Table Cell Content
CVSS 6.4
CVE-2024-8915 MEDIUM
Category Icon < 1.0.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
Details
Vulnerabilities 45,450
Exploit Likelihood High