CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,456 vulnerabilities with CWE-79
CVE-2024-8283
MEDIUM
The Slider by 10Web WordPress plugin <1.2.59 - XSS
CVSS 4.8
CVE-2024-8239
MEDIUM
Starbox < 3.5.3 - Stored Cross-Site Scripting via Social Media Profile URL
CVSS 5.4
CVE-2024-3635
MEDIUM
The Post Grid WordPress Plugin < 7.5.0 - Authenticated Stored Cross-Site Scripting in Grid Settings
CVSS 4.8
CVE-2024-9323
LOW
SourceCodester Inventory Management System 1.0 - Cross-Site Scripting in add_staff.php
CVSS 3.5
CVE-2024-9320
LOW
Online Timesheet App 1.0 - Cross-Site Scripting via Add Timesheet Form Day/Task Parameter
CVSS 3.5
CVE-2024-9300
MEDIUM
SourceCodester Online Railway Reservation System 1.0 - Stored Cross-Site Scripting via Contact Us Form
CVSS 4.3
CVE-2024-9299
LOW
SourceCodester Online Railway Reservation System 1.0 - Stored Cross-Site Scripting via Reservation Page Input Fields
CVSS 3.5
CVE-2024-8189
MEDIUM
WP MultiTasking - WP Utilities <0.1.17 - XSS
CVSS 4.4
CVE-2024-8712
MEDIUM
GTM Server Side - WordPress <2.1.19 - XSS
CVSS 6.1
CVE-2024-8715
MEDIUM
Simple LDAP Login <= 1.6.0 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9023
MEDIUM
WP-WebAuthn <= 1.3.3 - Authenticated Stored Cross-Site Scripting via wwa_login_form Shortcode
CVSS 6.4
CVE-2024-8788
MEDIUM
EU/UK VAT Manager for WooCommerce <2.12.11 - XSS
CVSS 6.1
CVE-2024-8547
MEDIUM
Simple Popup Plugin < 4.5 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-9291
LOW
kvf-admin < 2022-02-12 - Cross-Site Scripting via upfile Parameter in XML File Handler
CVSS 3.5
CVE-2024-47186
MEDIUM
Filament 3.0.0-3.2.114 - Cross-Site Scripting in ColorColumn and ColumnEntry
CVSS 6.1
CVE-2024-46453
MEDIUM
Honeywell IQ3XCITE Firmware 2.31-3.05 - Cross-Site Scripting via /test/ Endpoint
CVSS 6.1
CVE-2024-38308
HIGH
Advantech ADAM 5550 - Info Disclosure
CVSS 8.8
CVE-2024-25412
MEDIUM
Flatpress < 1.3 - Cross-Site Scripting via Email Field
CVSS 6.1
CVE-2024-25411
MEDIUM
Flatpress < 1.3 - Cross-Site Scripting via Username Parameter in setup.php
CVSS 6.1
CVE-2024-46367
CRITICAL
Webkul Krayin CRM 1.3.0 - Stored Cross-Site Scripting via Username Field
CVSS 9.6
CVE-2024-46470
MEDIUM
CodeAstro Membership Management System 1.0 - Cross-Site Scripting via membership_type Field
CVSS 6.1
CVE-2024-46333
MEDIUM
Piwigo 14.5.0 - Authenticated Stored Cross-Site Scripting via Album Name Parameter
CVSS 4.8
CVE-2024-40510
HIGH
openPetra 2023.02 - Cross-Site Scripting via serverMCommon.asmx Function
CVSS 8.2
CVE-2024-40509
HIGH
openPetra 2023.02 - Cross-Site Scripting via serverMFinDev.asmx Function
CVSS 7.3
CVE-2024-9283
LOW
RelaxedJS ReLaXed <= 0.2.2 - Cross-Site Scripting in Pug to PDF Converter
CVSS 3.3
Details
Vulnerabilities
45,456
Exploit Likelihood
High