CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,456 vulnerabilities with CWE-79
CVE-2024-47525
HIGH
LibreNMS < 24.9.0 - Authenticated Stored Cross-Site Scripting via Alert Rules Title Field
CVSS 7.5
CVE-2024-47524
HIGH
LibreNMS < 24.9.0 - Stored Cross-Site Scripting in Device Group Name
CVSS 7.2
CVE-2024-47523
HIGH
LibreNMS < 24.9.0 - Authenticated Stored Cross-Site Scripting in Alert Transports Details Section
CVSS 7.5
CVE-2024-46082
MEDIUM
Scriptcase < 9.10.023 - Cross-Site Scripting via nm_cor.php form and field Parameters
CVSS 5.4
CVE-2024-9411
LOW
ofcms 1.1.2 - Cross-Site Scripting via dict_value Parameter
CVSS 3.5
CVE-2024-46083
MEDIUM
Scriptcase < 9.10.023 - Authenticated Stored Cross-Site Scripting via Messages Feature
CVSS 5.4
CVE-2024-46081
MEDIUM
Scriptcase < 9.10.023 - Authenticated Stored Cross-Site Scripting in To-Do List
CVSS 5.4
CVE-2024-46079
MEDIUM
Scriptcase < 9.10.023 - Cross-Site Scripting via Descricao Parameter
CVSS 6.1
CVE-2024-31835
MEDIUM
flatpress < 1.3 - Cross-Site Scripting via File Name Parameter
CVSS 4.8
CVE-2024-9394
HIGH
Firefox < 131 and ESR < 115.16.0 - Cross-Site Scripting via Multipart Response
CVSS 7.5
CVE-2024-47604
HIGH
NuGetGallery 2024.06.21-2024.09.25 - Stored Cross-Site Scripting via HTML Attribute Handling
CVSS 8.2
CVE-2024-45967
MEDIUM
Pagekit 1.0.18 - Stored Cross-Site Scripting in Widget Admin Interface
CVSS 4.7
CVE-2024-41673
HIGH
Decidim < 0.27.8 - Cross-Site Scripting via Malformed URL in Version Control Feature
CVSS 7.1
CVE-2024-9118
MEDIUM
QS Dark Mode Plugin <= 2.9 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9060
MEDIUM
AVIF & SVG Uploader 1.1.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9241
MEDIUM
PDF Image Generator <= 1.5.6 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9228
MEDIUM
Loggedin < 1.3.1 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg URL Parameter
CVSS 6.1
CVE-2024-9220
MEDIUM
LH Copy Media File <= 1.08 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9209
MEDIUM
WP Search Analytics <= 1.4.10 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-8799
MEDIUM
Custom Banners <= 3.3 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-8793
MEDIUM
Store Exporter for WooCommerce <2.7.2.1 - XSS
CVSS 6.1
CVE-2024-8786
MEDIUM
Auto Featured Image from Title <= 2.3 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-8324
MEDIUM
XO Slider plugin - WordPress <3.8.6 - XSS
CVSS 6.4
CVE-2024-8288
MEDIUM
Guten Post Layout WordPress Plugin <= 1.2.4 - Authenticated Stored XSS via 'align' Attribute
CVSS 6.4
CVE-2024-9304
MEDIUM
WordPress LocateAndFilter <1.6.14 - XSS
CVSS 6.4
Details
Vulnerabilities
45,456
Exploit Likelihood
High