CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,450 vulnerabilities with CWE-79
CVE-2024-5968 MEDIUM
Photo Gallery by 10Web < 1.8.28 - Authenticated Stored Cross-Site Scripting in Gallery Settings
CVSS 4.8
CVE-2024-7963 MEDIUM
CMSMasters Content Composer <1.8.8 - XSS
CVSS 6.4
CVE-2024-46410 MEDIUM
PublicCMS V4.0.202406.d - Cross-Site Scripting in Category Management
CVSS 4.8
CVE-2024-43612 MEDIUM
Power BI Report Server < 15.0.1116.121 - Spoofing
CVSS 6.9
CVE-2024-43573 MEDIUM KEV
Windows 10 1507-22H2 and Windows 11 21H2-22H2 - Spoofing via MSHTML Platform
CVSS 6.5
CVE-2024-43481 MEDIUM
Power BI Report Server < 15.0.1116.121 - Spoofing
CVSS 6.5
CVE-2024-8215 HIGH
Payara Server <5.68.0 - XSS
CVSS 8.4
CVE-2024-47951 LOW
JetBrains TeamCity < 2024.07.3 - Stored Cross-Site Scripting via Server Global Settings
CVSS 3.5
CVE-2024-47950 LOW
JetBrains TeamCity < 2024.07.03 - Stored Cross-Site Scripting in Backup Configuration Settings
CVSS 3.5
CVE-2024-8482 MEDIUM
Royal Elementor Addons & Templates <1.3.982 - XSS
CVSS 6.4
CVE-2024-9207 MEDIUM
BuddyPress Docs <= 2.2.3 - Unauthenticated Reflected Cross-Site Scripting via remove_query_arg
CVSS 6.1
CVE-2024-8488 MEDIUM
Survey Maker <= 4.9.7 - Authenticated Stored Cross-Site Scripting via Survey Fields
CVSS 4.4
CVE-2024-8629 MEDIUM
WooCommerce Multilingual & Multicurrency with WPML <5.3.7 - XSS
CVSS 6.1
CVE-2024-8433 MEDIUM
Easy Mega Menu Plugin for WordPress - ThemeHunk <= 1.1.0 - Authenticated Stored XSS
CVSS 6.4
CVE-2024-8964 MEDIUM
Sirv < 7.3.0 & Image Optimizer < 7.2.9 - Authenticated Stored XSS via SVG Upload
CVSS 6.4
CVE-2024-47095 MEDIUM
Follet School Solutions Destiny <v22.0.1 AU1 - XSS
CVE-2024-9292 MEDIUM
Bridge Core <= 3.2.0 - Authenticated Stored Cross-Site Scripting via 'formforall' Shortcode
CVSS 6.4
CVE-2024-9021 MEDIUM
Relevanssi < 4.23.1 - Stored Cross-Site Scripting via Contributor Role Script Embedding
CVSS 5.4
CVE-2024-47594 MEDIUM
SAP NetWeaver Enterprise Portal - XSS
CVSS 5.4
CVE-2024-45278 MEDIUM
SAP Commerce Backoffice - Cross-Site Scripting
CVSS 5.4
CVE-2024-47817 MEDIUM
Lara-zeus Dynamic Dashboard 3.0.0-3.0.1 and Artemis 1.0.0-1.0.6 - Stored Cross-Site Scripting in Paragraph Widget
CVSS 6.1
CVE-2024-47782 HIGH
WikiDiscover < 2024-10-06 - Stored Cross-Site Scripting in Special:WikiDiscover Page
CVSS 7.6
CVE-2024-47781 MEDIUM
CreateWiki >=2018-11-07 <2024-10-07 - Stored Cross-Site Scripting in Wiki Request Queue
CVSS 6.1
CVE-2024-47772 MEDIUM
Discourse < 3.3.2 and < 3.4.0 - Stored Cross-Site Scripting via Chat Message Reply
CVSS 6.5
CVE-2024-47610 HIGH
InvenTree < 0.16.5 - Stored Cross-Site Scripting in Markdown Notes Fields
CVSS 7.3
Details
Vulnerabilities 45,450
Exploit Likelihood High