CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,450 vulnerabilities with CWE-79
CVE-2024-9803 LOW
code-projects Blood Bank Management System 1.0 - Cross-Site Scripting via blooddetails.php Availibility Parameter
CVSS 3.5
CVE-2024-9799 LOW
SourceCodester Profile Registration without Reload Refresh 1.0 - Cross-Site Scripting via add.php Parameter Manipulation
CVSS 3.5
CVE-2024-9792 LOW
D-Link DSL-2750U R5B017 - Cross-Site Scripting via PortMappingDescription Parameter
CVSS 2.4
CVE-2024-6530 HIGH
GitLab <17.2.9/<17.3.5/<17.4.2 - XSS
CVSS 7.3
CVE-2024-45127 MEDIUM
Adobe Commerce 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier - Stored Cross-Site Scripting in Form Fields
CVSS 4.8
CVE-2024-45123 MEDIUM
Adobe Commerce 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-45116 HIGH
Adobe Commerce <2.4.7-p2-2.4.4-p10 - XSS
CVSS 8.1
CVE-2024-9074 MEDIUM
Advanced Blocks Pro < 1.0.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9457 MEDIUM
WP Builder <= 3.0.7 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9377 MEDIUM
Products, Order & Customers Export for WooCommerce <= 2.0.15 - Reflected XSS via add_query_arg and remove_query_arg
CVSS 6.1
CVE-2024-9205 MEDIUM
Maximum Products per User for WooCommerce <= 4.2.8 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9072 MEDIUM
GDPR-Extensions-com - Consent Manager <= 1.0.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9066 MEDIUM
Marketing and SEO Booster <= 1.9.10 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9064 MEDIUM
Elementor Inline SVG < 1.2.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9057 MEDIUM
Curator.io < 1.9.1 - Authenticated Stored Cross-Site Scripting via Feed ID Attribute
CVSS 6.4
CVE-2024-8987 MEDIUM
Youzify < 1.3.0 - Authenticated Stored Cross-Site Scripting via youzify_media Shortcode
CVSS 6.4
CVE-2024-8729 MEDIUM
Easy Social Share Buttons <1.4.5 - XSS
CVSS 6.1
CVE-2024-48933 MEDIUM
LemonLDAP::NG < 2.19.3 - Cross-Site Scripting via Username Input
CVSS 6.1
CVE-2024-38815 MEDIUM
VMware NSX 4.x and Cloud Foundation 5.x - Unauthenticated Content Spoofing via URL Redirection
CVSS 4.3
CVE-2024-47815 MEDIUM
IncidentReporting - Authenticated Cross-Site Scripting
CVSS 6.0
CVE-2024-47812 MEDIUM
ImportDump - Stored Cross-Site Scripting in Special:RequestImportQueue Date Messages
CVSS 6.0
CVE-2024-9467 MEDIUM
Palo Alto Networks Expedition 1.2.0-1.2.95 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-46237 MEDIUM
PHPGurukul Hospital Management System 4.0 - Stored Cross-Site Scripting via patname, pataddress, and medhis Parameters
CVSS 5.4
CVE-2024-9451 MEDIUM
Embed PDF Viewer <= 2.4.4 - Authenticated Stored Cross-Site Scripting via Height and Width Parameters
CVSS 6.4
CVE-2024-9449 MEDIUM
Auto iFrame <= 1.7 - Authenticated Stored Cross-Site Scripting via Tag Parameter
CVSS 6.4
Details
Vulnerabilities 45,450
Exploit Likelihood High