CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,450 vulnerabilities with CWE-79
CVE-2024-9803
LOW
code-projects Blood Bank Management System 1.0 - Cross-Site Scripting via blooddetails.php Availibility Parameter
CVSS 3.5
CVE-2024-9799
LOW
SourceCodester Profile Registration without Reload Refresh 1.0 - Cross-Site Scripting via add.php Parameter Manipulation
CVSS 3.5
CVE-2024-9792
LOW
D-Link DSL-2750U R5B017 - Cross-Site Scripting via PortMappingDescription Parameter
CVSS 2.4
CVE-2024-6530
HIGH
GitLab <17.2.9/<17.3.5/<17.4.2 - XSS
CVSS 7.3
CVE-2024-45127
MEDIUM
Adobe Commerce 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier - Stored Cross-Site Scripting in Form Fields
CVSS 4.8
CVE-2024-45123
MEDIUM
Adobe Commerce 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-45116
HIGH
Adobe Commerce <2.4.7-p2-2.4.4-p10 - XSS
CVSS 8.1
CVE-2024-9074
MEDIUM
Advanced Blocks Pro < 1.0.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9457
MEDIUM
WP Builder <= 3.0.7 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9377
MEDIUM
Products, Order & Customers Export for WooCommerce <= 2.0.15 - Reflected XSS via add_query_arg and remove_query_arg
CVSS 6.1
CVE-2024-9205
MEDIUM
Maximum Products per User for WooCommerce <= 4.2.8 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9072
MEDIUM
GDPR-Extensions-com - Consent Manager <= 1.0.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9066
MEDIUM
Marketing and SEO Booster <= 1.9.10 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9064
MEDIUM
Elementor Inline SVG < 1.2.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9057
MEDIUM
Curator.io < 1.9.1 - Authenticated Stored Cross-Site Scripting via Feed ID Attribute
CVSS 6.4
CVE-2024-8987
MEDIUM
Youzify < 1.3.0 - Authenticated Stored Cross-Site Scripting via youzify_media Shortcode
CVSS 6.4
CVE-2024-8729
MEDIUM
Easy Social Share Buttons <1.4.5 - XSS
CVSS 6.1
CVE-2024-48933
MEDIUM
LemonLDAP::NG < 2.19.3 - Cross-Site Scripting via Username Input
CVSS 6.1
CVE-2024-38815
MEDIUM
VMware NSX 4.x and Cloud Foundation 5.x - Unauthenticated Content Spoofing via URL Redirection
CVSS 4.3
CVE-2024-47815
MEDIUM
IncidentReporting - Authenticated Cross-Site Scripting
CVSS 6.0
CVE-2024-47812
MEDIUM
ImportDump - Stored Cross-Site Scripting in Special:RequestImportQueue Date Messages
CVSS 6.0
CVE-2024-9467
MEDIUM
Palo Alto Networks Expedition 1.2.0-1.2.95 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-46237
MEDIUM
PHPGurukul Hospital Management System 4.0 - Stored Cross-Site Scripting via patname, pataddress, and medhis Parameters
CVSS 5.4
CVE-2024-9451
MEDIUM
Embed PDF Viewer <= 2.4.4 - Authenticated Stored Cross-Site Scripting via Height and Width Parameters
CVSS 6.4
CVE-2024-9449
MEDIUM
Auto iFrame <= 1.7 - Authenticated Stored Cross-Site Scripting via Tag Parameter
CVSS 6.4
Details
Vulnerabilities
45,450
Exploit Likelihood
High