CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,461 vulnerabilities with CWE-79
CVE-2024-42346
HIGH
Galaxy < 24.1.1 - Stored Cross-Site Scripting via Visualization Editor
CVSS 7.6
CVE-2024-42697
MEDIUM
Leotheme Leo Product Search Module <2.1.6 - XSS
CVSS 6.1
CVE-2024-37879
MEDIUM
User-friendly SVN <v1.0.12 - Code Injection
CVSS 4.8
CVE-2024-9033
LOW
Best House Rental Management System 1.0 - Stored Cross-Site Scripting via /ajax.php name Parameter
CVSS 3.5
CVE-2024-9031
LOW
CRMGo SaaS < 7.2 - Stored Cross-Site Scripting via Task Comment
CVSS 3.5
CVE-2024-9030
LOW
CRMGo SaaS 7.2 - Stored Cross-Site Scripting via Notes Parameter
CVSS 3.5
CVE-2024-9007
LOW
123solar 1.8.4.5 - Cross-Site Scripting via date1 Parameter in detailed.php
CVSS 3.5
CVE-2024-38221
MEDIUM
Microsoft Edge Chromium < 129.0.2792.52 - Spoofing
CVSS 4.3
CVE-2024-8653
MEDIUM
NetCat CMS < 6.4.0.24248 - Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-8652
MEDIUM
NetCat CMS < 6.4.0.24248 - Stored Cross-Site Scripting via Specific Path
CVSS 6.1
CVE-2024-7737
HIGH
Dassault Systmes 3DSwymer R2022x-R2024x - Stored Cross-Site Scripting in 3DSwym
CVSS 8.7
CVE-2024-7736
HIGH
3DEXPERIENCE ENOVIA R2022x-R2024x - Reflected Cross-Site Scripting
CVSS 8.7
CVE-2024-7785
CRITICAL
Ece Software Electronic Ticket System <2024.08 - XSS
CVE-2024-8850
MEDIUM
MC4WP: Mailchimp for WordPress 4.9.9-4.9.16 - Unauthenticated Reflected Cross-Site Scripting via Email Parameter
CVSS 6.1
CVE-2024-8364
MEDIUM
WP Custom Fields Search <1.2.35 - XSS
CVSS 6.4
CVE-2024-47058
LOW
Mautic 1.0.0-4.4.12 and 5.0.0-alpha-5.1.0 - Stored Cross-Site Scripting in Form HTML Field
CVSS 2.9
CVE-2024-47050
MEDIUM
Mautic 2.6.0-4.4.12 - Cross-Site Scripting via Page URL Variable
CVSS 5.4
CVE-2024-46372
MEDIUM
dedecms 5.7.115 - Stored Cross-Site Scripting via Advertisement Code Box
CVSS 6.1
CVE-2024-43025
MEDIUM
RWS MultiTrans < 7.0.23324.2 - HTML Injection via Crafted Email Payload
CVSS 6.1
CVE-2024-43024
MEDIUM
RWS MultiTrans < 7.0.23324.2 - Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-6877
MEDIUM
Eliz Software Panel < 2.3.24 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-5959
MEDIUM
Eliz Software Panel < 2.3.24 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-45366
MEDIUM
Welcart e-Commerce < 2.11.2 - Cross-Site Scripting
CVSS 6.1
CVE-2024-44005
MEDIUM
Greenshift <= 9.3.7 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-44003
HIGH
Spice Starter Sites <= 1.2.5 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities
45,461
Exploit Likelihood
High