CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,456 vulnerabilities with CWE-79
CVE-2024-47525 HIGH
LibreNMS < 24.9.0 - Authenticated Stored Cross-Site Scripting via Alert Rules Title Field
CVSS 7.5
CVE-2024-47524 HIGH
LibreNMS < 24.9.0 - Stored Cross-Site Scripting in Device Group Name
CVSS 7.2
CVE-2024-47523 HIGH
LibreNMS < 24.9.0 - Authenticated Stored Cross-Site Scripting in Alert Transports Details Section
CVSS 7.5
CVE-2024-46082 MEDIUM
Scriptcase < 9.10.023 - Cross-Site Scripting via nm_cor.php form and field Parameters
CVSS 5.4
CVE-2024-9411 LOW
ofcms 1.1.2 - Cross-Site Scripting via dict_value Parameter
CVSS 3.5
CVE-2024-46083 MEDIUM
Scriptcase < 9.10.023 - Authenticated Stored Cross-Site Scripting via Messages Feature
CVSS 5.4
CVE-2024-46081 MEDIUM
Scriptcase < 9.10.023 - Authenticated Stored Cross-Site Scripting in To-Do List
CVSS 5.4
CVE-2024-46079 MEDIUM
Scriptcase < 9.10.023 - Cross-Site Scripting via Descricao Parameter
CVSS 6.1
CVE-2024-31835 MEDIUM
flatpress < 1.3 - Cross-Site Scripting via File Name Parameter
CVSS 4.8
CVE-2024-9394 HIGH
Firefox < 131 and ESR < 115.16.0 - Cross-Site Scripting via Multipart Response
CVSS 7.5
CVE-2024-47604 HIGH
NuGetGallery 2024.06.21-2024.09.25 - Stored Cross-Site Scripting via HTML Attribute Handling
CVSS 8.2
CVE-2024-45967 MEDIUM
Pagekit 1.0.18 - Stored Cross-Site Scripting in Widget Admin Interface
CVSS 4.7
CVE-2024-41673 HIGH
Decidim < 0.27.8 - Cross-Site Scripting via Malformed URL in Version Control Feature
CVSS 7.1
CVE-2024-9118 MEDIUM
QS Dark Mode Plugin <= 2.9 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9060 MEDIUM
AVIF & SVG Uploader 1.1.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9241 MEDIUM
PDF Image Generator <= 1.5.6 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9228 MEDIUM
Loggedin < 1.3.1 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg URL Parameter
CVSS 6.1
CVE-2024-9220 MEDIUM
LH Copy Media File <= 1.08 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9209 MEDIUM
WP Search Analytics <= 1.4.10 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-8799 MEDIUM
Custom Banners <= 3.3 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-8793 MEDIUM
Store Exporter for WooCommerce <2.7.2.1 - XSS
CVSS 6.1
CVE-2024-8786 MEDIUM
Auto Featured Image from Title <= 2.3 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-8324 MEDIUM
XO Slider plugin - WordPress <3.8.6 - XSS
CVSS 6.4
CVE-2024-8288 MEDIUM
Guten Post Layout WordPress Plugin <= 1.2.4 - Authenticated Stored XSS via 'align' Attribute
CVSS 6.4
CVE-2024-9304 MEDIUM
WordPress LocateAndFilter <1.6.14 - XSS
CVSS 6.4
Details
Vulnerabilities 45,456
Exploit Likelihood High