CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,461 vulnerabilities with CWE-79
CVE-2024-42346 HIGH
Galaxy < 24.1.1 - Stored Cross-Site Scripting via Visualization Editor
CVSS 7.6
CVE-2024-42697 MEDIUM
Leotheme Leo Product Search Module <2.1.6 - XSS
CVSS 6.1
CVE-2024-37879 MEDIUM
User-friendly SVN <v1.0.12 - Code Injection
CVSS 4.8
CVE-2024-9033 LOW
Best House Rental Management System 1.0 - Stored Cross-Site Scripting via /ajax.php name Parameter
CVSS 3.5
CVE-2024-9031 LOW
CRMGo SaaS < 7.2 - Stored Cross-Site Scripting via Task Comment
CVSS 3.5
CVE-2024-9030 LOW
CRMGo SaaS 7.2 - Stored Cross-Site Scripting via Notes Parameter
CVSS 3.5
CVE-2024-9007 LOW
123solar 1.8.4.5 - Cross-Site Scripting via date1 Parameter in detailed.php
CVSS 3.5
CVE-2024-38221 MEDIUM
Microsoft Edge Chromium < 129.0.2792.52 - Spoofing
CVSS 4.3
CVE-2024-8653 MEDIUM
NetCat CMS < 6.4.0.24248 - Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-8652 MEDIUM
NetCat CMS < 6.4.0.24248 - Stored Cross-Site Scripting via Specific Path
CVSS 6.1
CVE-2024-7737 HIGH
Dassault Systmes 3DSwymer R2022x-R2024x - Stored Cross-Site Scripting in 3DSwym
CVSS 8.7
CVE-2024-7736 HIGH
3DEXPERIENCE ENOVIA R2022x-R2024x - Reflected Cross-Site Scripting
CVSS 8.7
CVE-2024-7785 CRITICAL
Ece Software Electronic Ticket System <2024.08 - XSS
CVE-2024-8850 MEDIUM
MC4WP: Mailchimp for WordPress 4.9.9-4.9.16 - Unauthenticated Reflected Cross-Site Scripting via Email Parameter
CVSS 6.1
CVE-2024-8364 MEDIUM
WP Custom Fields Search <1.2.35 - XSS
CVSS 6.4
CVE-2024-47058 LOW
Mautic 1.0.0-4.4.12 and 5.0.0-alpha-5.1.0 - Stored Cross-Site Scripting in Form HTML Field
CVSS 2.9
CVE-2024-47050 MEDIUM
Mautic 2.6.0-4.4.12 - Cross-Site Scripting via Page URL Variable
CVSS 5.4
CVE-2024-46372 MEDIUM
dedecms 5.7.115 - Stored Cross-Site Scripting via Advertisement Code Box
CVSS 6.1
CVE-2024-43025 MEDIUM
RWS MultiTrans < 7.0.23324.2 - HTML Injection via Crafted Email Payload
CVSS 6.1
CVE-2024-43024 MEDIUM
RWS MultiTrans < 7.0.23324.2 - Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-6877 MEDIUM
Eliz Software Panel < 2.3.24 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-5959 MEDIUM
Eliz Software Panel < 2.3.24 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-45366 MEDIUM
Welcart e-Commerce < 2.11.2 - Cross-Site Scripting
CVSS 6.1
CVE-2024-44005 MEDIUM
Greenshift <= 9.3.7 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-44003 HIGH
Spice Starter Sites <= 1.2.5 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities 45,461
Exploit Likelihood High