CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,456 vulnerabilities with CWE-79
CVE-2024-47618
MEDIUM
Sulu 2.0.0-2.6.5 - Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
CVE-2024-47617
MEDIUM
Sulu 2.6.0-2.6.4 - Reflected Cross-Site Scripting via Media Download URL
CVSS 6.1
CVE-2024-45964
MEDIUM
Zenario 9.7.61188 - Cross-Site Scripting via Organizer Tags Field
CVSS 4.8
CVE-2024-45962
MEDIUM
October 3.6.30 - Authenticated Stored Cross-Site Scripting via PDF Upload
CVSS 4.7
CVE-2024-45960
MEDIUM
Zenario 9.7.61188 - Authenticated Stored Cross-Site Scripting via PDF File Upload
CVSS 4.8
CVE-2024-43795
MEDIUM
OpenC3 COSMOS < 5.19.0 - Reflected Cross-Site Scripting in Login Functionality
CVSS 6.1
CVE-2024-9440
MEDIUM
slim-select 2.0-2.9.0 - Cross-Site Scripting via Unsanitized Options Object
CVSS 5.4
CVE-2024-33210
MEDIUM
Flatpress 1.3 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-33209
MEDIUM
FlatPress v1.3 - Stored Cross-Site Scripting in Add New Entry Section
CVSS 5.4
CVE-2024-47612
LOW
DataDump < 601688ee8e8808a23b102fa305b178f27cbd226d - Stored Cross-Site Scripting via Unescaped Interface Messages
CVSS 3.5
CVE-2024-8505
MEDIUM
WordPress Infinite Scroll - Ajax Load More <7.1.2 - XSS
CVSS 6.4
CVE-2024-8282
MEDIUM
Ibtana - WordPress Website Builder <1.2.4.4 - XSS
CVSS 6.4
CVE-2024-9378
MEDIUM
YML for Yandex Market <= 4.7.2 - Unauthenticated Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2024-9344
MEDIUM
BerqWP < 2.1.1 - Unauthenticated Reflected Cross-Site Scripting via URL Parameter
CVSS 6.1
CVE-2024-9218
MEDIUM
Magazine Blocks < 1.3.14 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9225
MEDIUM
SEOPress < 8.1.1 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg and remove_query_arg
CVSS 6.1
CVE-2024-9222
MEDIUM
Paid Membership Subscriptions <= 2.12.8 - Unauthenticated Reflected XSS via add_query_arg
CVSS 6.1
CVE-2024-9210
MEDIUM
MC4WP: Mailchimp Top Bar <= 1.6.0 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9172
MEDIUM
Demo Importer Plus <= 2.0.1 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-8967
MEDIUM
iworks PWA <= 1.6.3 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-8800
MEDIUM
RabbitLoader < 2.21.0 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9174
MEDIUM
M-Files Hubshare < 5.0.8.6 - Authenticated Stored HTML Injection in Social Module
CVSS 5.4
CVE-2024-47528
MEDIUM
LibreNMS < 24.9.0 - Stored Cross-Site Scripting via Custom Map Background SVG Upload
CVSS 4.8
CVE-2024-47527
HIGH
LibreNMS < 24.9.0 - Authenticated Stored Cross-Site Scripting via Device Name Hostname Parameter
CVSS 7.5
CVE-2024-47526
LOW
LibreNMS < 24.9.0 - Self Cross-Site Scripting in Alert Template Name
CVSS 3.5
Details
Vulnerabilities
45,456
Exploit Likelihood
High