CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,456 vulnerabilities with CWE-79
CVE-2024-47184 MEDIUM
ampache < 6.6.0 - Stored Cross-Site Scripting in Democratic Playlist Name
CVSS 6.1
CVE-2024-40512 HIGH
openPetra 2023.02 - Cross-Site Scripting via serverMReporting.asmx Function
CVSS 7.3
CVE-2024-40511 HIGH
openPetra 2023.02 - Cross-Site Scripting via serverMServerAdmin.asmx Function
CVSS 7.3
CVE-2024-9279 LOW
funnyzpc mee-admin < 1.6 - Cross-Site Scripting via User Nickname
CVSS 2.4
CVE-2024-8608 MEDIUM
Oceanic Software ValeApp <2.0.0 - XSS
CVSS 5.4
CVE-2024-9276 LOW
TMsoft MyAuth Gateway 3 - Cross-Site Scripting via /index.php console/nocache/cmd Argument
CVSS 3.5
CVE-2024-6931 HIGH
The Events Calendar <= 6.6.3 - Unauthenticated Stored Cross-Site Scripting via RSVP Name Field
CVSS 7.2
CVE-2024-41930 MEDIUM
MF Teacher Performance Management System <6 - XSS
CVSS 6.1
CVE-2024-9049 MEDIUM
Beaver Builder < 2.8.3.6 - Authenticated Stored Cross-Site Scripting via Button Group Module
CVSS 6.4
CVE-2024-8991 MEDIUM
OSM - OpenStreetMap <= 6.1.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-8681 MEDIUM
Premium Addons for Elementor <4.10.52 - XSS
CVSS 6.4
CVE-2024-8965 MEDIUM
Absolute Reviews <= 1.1.3 - Authenticated Stored Cross-Site Scripting via Custom Post Criteria Name Field
CVSS 6.4
CVE-2024-40508 HIGH
openPetra 2023.02 - Cross-Site Scripting via serverMConference.asmx Function
CVSS 7.3
CVE-2024-40507 HIGH
openPetra 2023.02 - Cross-Site Scripting via serverMPersonnel.asmx Function
CVSS 7.3
CVE-2024-40506 HIGH
openPetra 2023.02 - Cross-Site Scripting via serverMHospitality.asmx Function
CVSS 7.3
CVE-2024-45986 MEDIUM
Projectworld Online Voting System 1.0 - Stored Cross-Site Scripting in Voter and Profile Pages
CVSS 5.4
CVE-2024-47075 MEDIUM
layui < 2.9.17 - Cross-Site Scripting via DOM Clobbering
CVSS 6.4
CVE-2024-45985 MEDIUM
Blood Bank and Donation Management System 1.0 - Cross-Site Scripting via update_contact.php Name Parameter
CVSS 4.7
CVE-2024-45984 MEDIUM
Blood Bank And Donation Management System 1.0 - Stored Cross-Site Scripting in add_donor.php
CVSS 4.7
CVE-2024-9177 MEDIUM
Themedy Toolbox <= 1.0.14 and <= 1.0.15 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-8633 MEDIUM
Form Maker by 10Web - WordPress <1.15.27 - XSS
CVSS 5.5
CVE-2024-9198 HIGH
Clibo Manager 1.1.9.1 - Stored Cross-Site Scripting via SVG Profile Picture Upload
CVSS 7.6
CVE-2024-9173 MEDIUM
GF Custom Style < 2.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9127 MEDIUM
Super Testimonials <= 3.0.0 - Authenticated Stored Cross-Site Scripting via Alignment Parameter
CVSS 6.4
CVE-2024-9125 MEDIUM
king_IE < 1.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
Details
Vulnerabilities 45,456
Exploit Likelihood High