CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,450 vulnerabilities with CWE-79
CVE-2024-45060 HIGH
PHPSpreadsheet < 1.29.2 >=2.2.0 <2.3.0 - Cross-Site Scripting via Quadratic Equation Solver Sample
CVSS 7.1
CVE-2024-43365 MEDIUM
Cacti - Stored Cross-Site Scripting via consolenewsection Parameter
CVSS 5.7
CVE-2024-43364 MEDIUM
Cacti < 1.2.28 - Stored Cross-Site Scripting via External Link Title Parameter
CVSS 5.7
CVE-2024-43362 HIGH
Cacti < 1.2.28 - Stored Cross-Site Scripting via FileURL Parameter
CVSS 7.3
CVE-2024-45292 MEDIUM
PHPSpreadsheet <1.29.2, <2.1.1, <2.3.0 - XSS
CVSS 5.4
CVE-2024-42831 MEDIUM
Elaine's Realtime CRM Automation <6.18.17 - XSS
CVSS 6.1
CVE-2024-46300 MEDIUM
Placement Management System 1.0 - Stored Cross-Site Scripting via Registration Full Name Field
CVSS 6.1
CVE-2024-46278 HIGH
Teedy 1.11 - Cross-Site Scripting via Management Console
CVSS 8.4
CVE-2024-45932 MEDIUM
Krayin CRM v1.3.0 - Stored Cross-Site Scripting via Organization Name Field
CVSS 4.8
CVE-2024-28710 MEDIUM
LimeSurvey < 6.5.0+240319 - Stored Cross-Site Scripting in Alert Widget Message Component
CVSS 6.1
CVE-2024-28709 MEDIUM
LimeSurvey < 6.5.12+240611 - Cross-Site Scripting via Title and Comment Fields
CVSS 6.1
CVE-2024-9572 MEDIUM
SOPlanning < 1.45 - Cross-Site Scripting via groupe_id Parameter
CVSS 6.3
CVE-2024-9571 MEDIUM
SOPlanning < 1.45 - Cross-Site Scripting via xajax_server.php Parameters
CVSS 6.3
CVE-2024-45153 MEDIUM
Adobe Experience Manager <6.5.20 - XSS
CVSS 5.4
CVE-2024-47650 MEDIUM
Axton WP-WebAuthn <= 1.3.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-44040 MEDIUM
Plainware ShiftController <4.9.64 - XSS
CVSS 5.9
CVE-2024-44039 MEDIUM
WP Travel <= 9.3.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-44037 MEDIUM
MagePeople Team Multipurpose Ticket Booking Manager <4.2.2 - XSS
CVSS 5.9
CVE-2024-44036 MEDIUM
Pierre Lebedel Kodex Posts <2.5.0 - XSS
CVSS 5.9
CVE-2024-44035 MEDIUM
TemeGUM Gum Elementor Addon <1.3.7 - XSS
CVSS 6.5
CVE-2024-44033 MEDIUM
Primary Addon for Elementor <= 1.5.7 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-44032 MEDIUM
Restaurant & Cafe Addon for Elementor <= 1.5.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-44029 HIGH
David Garlitz viala < 1.3.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-44027 MEDIUM
TemeGUM Gum Elementor Addon <1.3.6 - XSS
CVSS 6.5
CVE-2024-44026 MEDIUM
Charity Addon for Elementor <= 1.3.0 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities 45,450
Exploit Likelihood High