CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,461 vulnerabilities with CWE-79
CVE-2024-8738 MEDIUM
Seriously Simple Stats <1.6.0 - XSS
CVSS 6.1
CVE-2024-8716 MEDIUM
WooCommerce XT Ajax Add To Cart <1.1.2 - XSS
CVSS 6.1
CVE-2024-8662 MEDIUM
Koko Analytics <= 1.3.12 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-8657 MEDIUM
Garden Gnome Package <= 2.2.9 - Authenticated Stored Cross-Site Scripting via ggpkg Shortcode
CVSS 6.4
CVE-2024-8544 MEDIUM
Pixel Cat Conversion Pixel Manager <3.0.5 - XSS
CVSS 6.1
CVE-2024-8770 MEDIUM
GitHub Enterprise Server >=3.10.0 <3.10.17 - Cross-Site Scripting via Repository Transfer Feature
CVSS 6.1
CVE-2024-47069 MEDIUM
Oveleon Cookie Bar < 1.16.3 - Reflected Cross-Site Scripting via Locale Parameter
CVSS 6.1
CVE-2024-47068 MEDIUM
Rollup <2.79.2, <3.29.5, <4.22.4 - XSS
CVSS 6.1
CVE-2024-46241 MEDIUM
PHPGurukul Dairy Farm Shop Management System 1.1 - Stored Cross-Site Scripting via pname Parameter
CVSS 5.9
CVE-2024-7835 HIGH
Exnet Informatics Software Ferry Reservation System <240805-002 - XSS
CVE-2024-8758 MEDIUM
Quiz and Survey Master WordPress Plugin < 9.1.3 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-7846 MEDIUM
YITH WooCommerce Ajax Search < 2.7.1 - Stored Cross-Site Scripting via Block Attributes
CVSS 5.4
CVE-2024-47227 MEDIUM
iRedAdmin < 2.6 - Cross-Site Scripting via order_name Parameter
CVSS 6.1
CVE-2024-9092 LOW
SourceCodester Profile Registration 1.0 - Cross-Site Scripting via full_name Parameter
CVSS 3.5
CVE-2024-9089 LOW
Modern Loan Management System 1.0 - Cross-Site Scripting via update_loan_record.php Amount Parameter
CVSS 3.5
CVE-2024-9084 LOW
code-projects Blood Bank System 1.0 - Cross-Site Scripting via bbms.php Input Parameters
CVSS 3.5
CVE-2024-9083 LOW
SourceCodester Employee Management System 1.0 - Cross-Site Scripting via txtfullname Parameter
CVSS 2.4
CVE-2024-9077 LOW
dingfanzu < 2024-01-31 - Stored Cross-Site Scripting via Order Checkout Address-Name Parameter
CVSS 3.5
CVE-2024-47226 MEDIUM
NetBox 4.1.0 - Stored Cross-Site Scripting in Configuration History Top Banner Field
CVSS 5.4
CVE-2024-9075 LOW
Stirling-PDF < 0.29.0 - Cross-Site Scripting in Markdown-to-PDF
CVSS 2.6
CVE-2024-9048 LOW
RuoYi < 4.7.9 - Cross-Site Scripting in Backend User Import via loginName
CVSS 3.1
CVE-2024-8680 MEDIUM
MC4WP: Mailchimp for WordPress <4.9.16 - XSS
CVSS 4.4
CVE-2024-45793 MEDIUM
Confidant < 6.6.2 - Authenticated Stored Cross-Site Scripting via Credentials and Services Endpoints
CVSS 4.8
CVE-2024-47061 HIGH
@udecode/plate-core 37.0.0-38.0.5 - Cross-Site Scripting via Custom DOM Attributes
CVSS 8.3
CVE-2024-46654 MEDIUM
Maccms10 v2024.1000.4040 - Stored Cross-Site Scripting in Add Scheduled Task Module
CVSS 4.8
Details
Vulnerabilities 45,461
Exploit Likelihood High