CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,456 vulnerabilities with CWE-79
CVE-2024-8486 MEDIUM
Phlox theme < 2.16.3 - Authenticated Stored XSS via Modern Heading and Icon Picker Widgets
CVSS 6.4
CVE-2024-9528 MEDIUM
Fluent Forms <= 5.1.19 - Authenticated Stored XSS via Form Label Fields
CVSS 4.9
CVE-2024-9455 MEDIUM
WP Cleanup and Basic Functions <2.2.1 - XSS
CVSS 6.4
CVE-2024-9385 MEDIUM
Themify Builder <= 7.6.2 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-47847 MEDIUM
The Wikimedia Foundation Mediawiki - Cargo <3.6.1 - XSS
CVSS 6.1
CVE-2024-47840 MEDIUM
Mediawiki - Apex skin <1.39.9-1.42.2 - XSS
CVSS 4.8
CVE-2024-43687 MEDIUM
Microchip TimeProvider 4100 Firmware 1.0-2.4.6 - Stored Cross-Site Scripting in Banner Config Modules
CVSS 6.1
CVE-2024-43686 MEDIUM
Microchip TimeProvider 4100 Firmware 1.0-2.4.6 - Reflected Cross-Site Scripting in Data Plot Modules
CVSS 6.1
CVE-2024-43684 HIGH
Microchip TimeProvider 4100 Firmware 1.0-2.4.6 - Cross-Site Request Forgery and Cross-Site Scripting
CVSS 8.8
CVE-2024-46077 MEDIUM
Online Tours and Travels Management System 1.0 - Stored Cross-Site Scripting via travellers.php Parameters
CVSS 5.4
CVE-2024-8149 MEDIUM
Esri Portal for ArcGIS 11.1-11.2 - XSS
CVSS 4.6
CVE-2024-41516 MEDIUM
CADClick <= 1.11.0 - Reflected Cross-Site Scripting via ccHandler.aspx bomid Parameter
CVSS 5.4
CVE-2024-41515 MEDIUM
CADClick <= 1.11.0 - Reflected Cross-Site Scripting via ccHandlerResource.ashx res_url Parameter
CVSS 5.4
CVE-2024-41514 MEDIUM
CADClick v1.11.0 and before - Reflected Cross-Site Scripting via wer Parameter
CVSS 5.4
CVE-2024-41513 MEDIUM
CADClick v1.11.0 and before - Reflected Cross-Site Scripting via Artikel.aspx searchindex Parameter
CVSS 5.4
CVE-2024-38039 MEDIUM
Esri Portal for ArcGIS <=11.0 - XSS
CVSS 5.4
CVE-2024-38038 MEDIUM
Esri Portal for ArcGIS 11.1 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-38036 MEDIUM
Esri Portal for ArcGIS <10.9.1 - XSS
CVSS 5.4
CVE-2024-25707 MEDIUM
Esri Portal for ArcGIS < 11.1 - Authenticated Reflected Cross-Site Scripting
CVSS 4.8
CVE-2024-25702 MEDIUM
Esri Portal for ArcGIS < 11.1 - Authenticated Stored Cross-Site Scripting via Enterprise Sites Configuration
CVSS 4.8
CVE-2024-25701 MEDIUM
Esri Portal for ArcGIS 10.8.1-11.1 - Authenticated Stored Cross-Site Scripting in Experience Builder Embed Widget
CVSS 4.8
CVE-2024-25694 MEDIUM
Esri Portal for ArcGIS 10.8.1-10.9.1 - Authenticated Stored Cross-Site Scripting in Layer Showcase Application
CVSS 4.8
CVE-2024-25691 MEDIUM
Esri Portal for ArcGIS <= 11.1 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-46409 MEDIUM
SeedDMS 6.0.28 - Stored Cross-Site Scripting via Calendar Name Parameter
CVSS 5.4
CVE-2024-47765 MEDIUM
jgniecki/minecraft_motd_parser < 1.0.6 - Cross-Site Scripting via Malformed MOTD Color and Text Properties
CVSS 6.1
Details
Vulnerabilities 45,456
Exploit Likelihood High