CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,456 vulnerabilities with CWE-79
CVE-2024-8283 MEDIUM
The Slider by 10Web WordPress plugin <1.2.59 - XSS
CVSS 4.8
CVE-2024-8239 MEDIUM
Starbox < 3.5.3 - Stored Cross-Site Scripting via Social Media Profile URL
CVSS 5.4
CVE-2024-3635 MEDIUM
The Post Grid WordPress Plugin < 7.5.0 - Authenticated Stored Cross-Site Scripting in Grid Settings
CVSS 4.8
CVE-2024-9323 LOW
SourceCodester Inventory Management System 1.0 - Cross-Site Scripting in add_staff.php
CVSS 3.5
CVE-2024-9320 LOW
Online Timesheet App 1.0 - Cross-Site Scripting via Add Timesheet Form Day/Task Parameter
CVSS 3.5
CVE-2024-9300 MEDIUM
SourceCodester Online Railway Reservation System 1.0 - Stored Cross-Site Scripting via Contact Us Form
CVSS 4.3
CVE-2024-9299 LOW
SourceCodester Online Railway Reservation System 1.0 - Stored Cross-Site Scripting via Reservation Page Input Fields
CVSS 3.5
CVE-2024-8189 MEDIUM
WP MultiTasking - WP Utilities <0.1.17 - XSS
CVSS 4.4
CVE-2024-8712 MEDIUM
GTM Server Side - WordPress <2.1.19 - XSS
CVSS 6.1
CVE-2024-8715 MEDIUM
Simple LDAP Login <= 1.6.0 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9023 MEDIUM
WP-WebAuthn <= 1.3.3 - Authenticated Stored Cross-Site Scripting via wwa_login_form Shortcode
CVSS 6.4
CVE-2024-8788 MEDIUM
EU/UK VAT Manager for WooCommerce <2.12.11 - XSS
CVSS 6.1
CVE-2024-8547 MEDIUM
Simple Popup Plugin < 4.5 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-9291 LOW
kvf-admin < 2022-02-12 - Cross-Site Scripting via upfile Parameter in XML File Handler
CVSS 3.5
CVE-2024-47186 MEDIUM
Filament 3.0.0-3.2.114 - Cross-Site Scripting in ColorColumn and ColumnEntry
CVSS 6.1
CVE-2024-46453 MEDIUM
Honeywell IQ3XCITE Firmware 2.31-3.05 - Cross-Site Scripting via /test/ Endpoint
CVSS 6.1
CVE-2024-38308 HIGH
Advantech ADAM 5550 - Info Disclosure
CVSS 8.8
CVE-2024-25412 MEDIUM
Flatpress < 1.3 - Cross-Site Scripting via Email Field
CVSS 6.1
CVE-2024-25411 MEDIUM
Flatpress < 1.3 - Cross-Site Scripting via Username Parameter in setup.php
CVSS 6.1
CVE-2024-46367 CRITICAL
Webkul Krayin CRM 1.3.0 - Stored Cross-Site Scripting via Username Field
CVSS 9.6
CVE-2024-46470 MEDIUM
CodeAstro Membership Management System 1.0 - Cross-Site Scripting via membership_type Field
CVSS 6.1
CVE-2024-46333 MEDIUM
Piwigo 14.5.0 - Authenticated Stored Cross-Site Scripting via Album Name Parameter
CVSS 4.8
CVE-2024-40510 HIGH
openPetra 2023.02 - Cross-Site Scripting via serverMCommon.asmx Function
CVSS 8.2
CVE-2024-40509 HIGH
openPetra 2023.02 - Cross-Site Scripting via serverMFinDev.asmx Function
CVSS 7.3
CVE-2024-9283 LOW
RelaxedJS ReLaXed <= 0.2.2 - Cross-Site Scripting in Pug to PDF Converter
CVSS 3.3
Details
Vulnerabilities 45,456
Exploit Likelihood High