CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,450 vulnerabilities with CWE-79
CVE-2024-5968
MEDIUM
Photo Gallery by 10Web < 1.8.28 - Authenticated Stored Cross-Site Scripting in Gallery Settings
CVSS 4.8
CVE-2024-7963
MEDIUM
CMSMasters Content Composer <1.8.8 - XSS
CVSS 6.4
CVE-2024-46410
MEDIUM
PublicCMS V4.0.202406.d - Cross-Site Scripting in Category Management
CVSS 4.8
CVE-2024-43612
MEDIUM
Power BI Report Server < 15.0.1116.121 - Spoofing
CVSS 6.9
CVE-2024-43573
MEDIUM
KEV
Windows 10 1507-22H2 and Windows 11 21H2-22H2 - Spoofing via MSHTML Platform
CVSS 6.5
CVE-2024-43481
MEDIUM
Power BI Report Server < 15.0.1116.121 - Spoofing
CVSS 6.5
CVE-2024-8215
HIGH
Payara Server <5.68.0 - XSS
CVSS 8.4
CVE-2024-47951
LOW
JetBrains TeamCity < 2024.07.3 - Stored Cross-Site Scripting via Server Global Settings
CVSS 3.5
CVE-2024-47950
LOW
JetBrains TeamCity < 2024.07.03 - Stored Cross-Site Scripting in Backup Configuration Settings
CVSS 3.5
CVE-2024-8482
MEDIUM
Royal Elementor Addons & Templates <1.3.982 - XSS
CVSS 6.4
CVE-2024-9207
MEDIUM
BuddyPress Docs <= 2.2.3 - Unauthenticated Reflected Cross-Site Scripting via remove_query_arg
CVSS 6.1
CVE-2024-8488
MEDIUM
Survey Maker <= 4.9.7 - Authenticated Stored Cross-Site Scripting via Survey Fields
CVSS 4.4
CVE-2024-8629
MEDIUM
WooCommerce Multilingual & Multicurrency with WPML <5.3.7 - XSS
CVSS 6.1
CVE-2024-8433
MEDIUM
Easy Mega Menu Plugin for WordPress - ThemeHunk <= 1.1.0 - Authenticated Stored XSS
CVSS 6.4
CVE-2024-8964
MEDIUM
Sirv < 7.3.0 & Image Optimizer < 7.2.9 - Authenticated Stored XSS via SVG Upload
CVSS 6.4
CVE-2024-47095
MEDIUM
Follet School Solutions Destiny <v22.0.1 AU1 - XSS
CVE-2024-9292
MEDIUM
Bridge Core <= 3.2.0 - Authenticated Stored Cross-Site Scripting via 'formforall' Shortcode
CVSS 6.4
CVE-2024-9021
MEDIUM
Relevanssi < 4.23.1 - Stored Cross-Site Scripting via Contributor Role Script Embedding
CVSS 5.4
CVE-2024-47594
MEDIUM
SAP NetWeaver Enterprise Portal - XSS
CVSS 5.4
CVE-2024-45278
MEDIUM
SAP Commerce Backoffice - Cross-Site Scripting
CVSS 5.4
CVE-2024-47817
MEDIUM
Lara-zeus Dynamic Dashboard 3.0.0-3.0.1 and Artemis 1.0.0-1.0.6 - Stored Cross-Site Scripting in Paragraph Widget
CVSS 6.1
CVE-2024-47782
HIGH
WikiDiscover < 2024-10-06 - Stored Cross-Site Scripting in Special:WikiDiscover Page
CVSS 7.6
CVE-2024-47781
MEDIUM
CreateWiki >=2018-11-07 <2024-10-07 - Stored Cross-Site Scripting in Wiki Request Queue
CVSS 6.1
CVE-2024-47772
MEDIUM
Discourse < 3.3.2 and < 3.4.0 - Stored Cross-Site Scripting via Chat Message Reply
CVSS 6.5
CVE-2024-47610
HIGH
InvenTree < 0.16.5 - Stored Cross-Site Scripting in Markdown Notes Fields
CVSS 7.3
Details
Vulnerabilities
45,450
Exploit Likelihood
High