CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,456 vulnerabilities with CWE-79
CVE-2024-47618 MEDIUM
Sulu 2.0.0-2.6.5 - Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
CVE-2024-47617 MEDIUM
Sulu 2.6.0-2.6.4 - Reflected Cross-Site Scripting via Media Download URL
CVSS 6.1
CVE-2024-45964 MEDIUM
Zenario 9.7.61188 - Cross-Site Scripting via Organizer Tags Field
CVSS 4.8
CVE-2024-45962 MEDIUM
October 3.6.30 - Authenticated Stored Cross-Site Scripting via PDF Upload
CVSS 4.7
CVE-2024-45960 MEDIUM
Zenario 9.7.61188 - Authenticated Stored Cross-Site Scripting via PDF File Upload
CVSS 4.8
CVE-2024-43795 MEDIUM
OpenC3 COSMOS < 5.19.0 - Reflected Cross-Site Scripting in Login Functionality
CVSS 6.1
CVE-2024-9440 MEDIUM
slim-select 2.0-2.9.0 - Cross-Site Scripting via Unsanitized Options Object
CVSS 5.4
CVE-2024-33210 MEDIUM
Flatpress 1.3 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-33209 MEDIUM
FlatPress v1.3 - Stored Cross-Site Scripting in Add New Entry Section
CVSS 5.4
CVE-2024-47612 LOW
DataDump < 601688ee8e8808a23b102fa305b178f27cbd226d - Stored Cross-Site Scripting via Unescaped Interface Messages
CVSS 3.5
CVE-2024-8505 MEDIUM
WordPress Infinite Scroll - Ajax Load More <7.1.2 - XSS
CVSS 6.4
CVE-2024-8282 MEDIUM
Ibtana - WordPress Website Builder <1.2.4.4 - XSS
CVSS 6.4
CVE-2024-9378 MEDIUM
YML for Yandex Market <= 4.7.2 - Unauthenticated Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2024-9344 MEDIUM
BerqWP < 2.1.1 - Unauthenticated Reflected Cross-Site Scripting via URL Parameter
CVSS 6.1
CVE-2024-9218 MEDIUM
Magazine Blocks < 1.3.14 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9225 MEDIUM
SEOPress < 8.1.1 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg and remove_query_arg
CVSS 6.1
CVE-2024-9222 MEDIUM
Paid Membership Subscriptions <= 2.12.8 - Unauthenticated Reflected XSS via add_query_arg
CVSS 6.1
CVE-2024-9210 MEDIUM
MC4WP: Mailchimp Top Bar <= 1.6.0 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9172 MEDIUM
Demo Importer Plus <= 2.0.1 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-8967 MEDIUM
iworks PWA <= 1.6.3 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-8800 MEDIUM
RabbitLoader < 2.21.0 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9174 MEDIUM
M-Files Hubshare < 5.0.8.6 - Authenticated Stored HTML Injection in Social Module
CVSS 5.4
CVE-2024-47528 MEDIUM
LibreNMS < 24.9.0 - Stored Cross-Site Scripting via Custom Map Background SVG Upload
CVSS 4.8
CVE-2024-47527 HIGH
LibreNMS < 24.9.0 - Authenticated Stored Cross-Site Scripting via Device Name Hostname Parameter
CVSS 7.5
CVE-2024-47526 LOW
LibreNMS < 24.9.0 - Self Cross-Site Scripting in Alert Template Name
CVSS 3.5
Details
Vulnerabilities 45,456
Exploit Likelihood High