CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,456 vulnerabilities with CWE-79
CVE-2024-8486
MEDIUM
Phlox theme < 2.16.3 - Authenticated Stored XSS via Modern Heading and Icon Picker Widgets
CVSS 6.4
CVE-2024-9528
MEDIUM
Fluent Forms <= 5.1.19 - Authenticated Stored XSS via Form Label Fields
CVSS 4.9
CVE-2024-9455
MEDIUM
WP Cleanup and Basic Functions <2.2.1 - XSS
CVSS 6.4
CVE-2024-9385
MEDIUM
Themify Builder <= 7.6.2 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-47847
MEDIUM
The Wikimedia Foundation Mediawiki - Cargo <3.6.1 - XSS
CVSS 6.1
CVE-2024-47840
MEDIUM
Mediawiki - Apex skin <1.39.9-1.42.2 - XSS
CVSS 4.8
CVE-2024-43687
MEDIUM
Microchip TimeProvider 4100 Firmware 1.0-2.4.6 - Stored Cross-Site Scripting in Banner Config Modules
CVSS 6.1
CVE-2024-43686
MEDIUM
Microchip TimeProvider 4100 Firmware 1.0-2.4.6 - Reflected Cross-Site Scripting in Data Plot Modules
CVSS 6.1
CVE-2024-43684
HIGH
Microchip TimeProvider 4100 Firmware 1.0-2.4.6 - Cross-Site Request Forgery and Cross-Site Scripting
CVSS 8.8
CVE-2024-46077
MEDIUM
Online Tours and Travels Management System 1.0 - Stored Cross-Site Scripting via travellers.php Parameters
CVSS 5.4
CVE-2024-8149
MEDIUM
Esri Portal for ArcGIS 11.1-11.2 - XSS
CVSS 4.6
CVE-2024-41516
MEDIUM
CADClick <= 1.11.0 - Reflected Cross-Site Scripting via ccHandler.aspx bomid Parameter
CVSS 5.4
CVE-2024-41515
MEDIUM
CADClick <= 1.11.0 - Reflected Cross-Site Scripting via ccHandlerResource.ashx res_url Parameter
CVSS 5.4
CVE-2024-41514
MEDIUM
CADClick v1.11.0 and before - Reflected Cross-Site Scripting via wer Parameter
CVSS 5.4
CVE-2024-41513
MEDIUM
CADClick v1.11.0 and before - Reflected Cross-Site Scripting via Artikel.aspx searchindex Parameter
CVSS 5.4
CVE-2024-38039
MEDIUM
Esri Portal for ArcGIS <=11.0 - XSS
CVSS 5.4
CVE-2024-38038
MEDIUM
Esri Portal for ArcGIS 11.1 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-38036
MEDIUM
Esri Portal for ArcGIS <10.9.1 - XSS
CVSS 5.4
CVE-2024-25707
MEDIUM
Esri Portal for ArcGIS < 11.1 - Authenticated Reflected Cross-Site Scripting
CVSS 4.8
CVE-2024-25702
MEDIUM
Esri Portal for ArcGIS < 11.1 - Authenticated Stored Cross-Site Scripting via Enterprise Sites Configuration
CVSS 4.8
CVE-2024-25701
MEDIUM
Esri Portal for ArcGIS 10.8.1-11.1 - Authenticated Stored Cross-Site Scripting in Experience Builder Embed Widget
CVSS 4.8
CVE-2024-25694
MEDIUM
Esri Portal for ArcGIS 10.8.1-10.9.1 - Authenticated Stored Cross-Site Scripting in Layer Showcase Application
CVSS 4.8
CVE-2024-25691
MEDIUM
Esri Portal for ArcGIS <= 11.1 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-46409
MEDIUM
SeedDMS 6.0.28 - Stored Cross-Site Scripting via Calendar Name Parameter
CVSS 5.4
CVE-2024-47765
MEDIUM
jgniecki/minecraft_motd_parser < 1.0.6 - Cross-Site Scripting via Malformed MOTD Color and Text Properties
CVSS 6.1
Details
Vulnerabilities
45,456
Exploit Likelihood
High