CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,468 vulnerabilities with CWE-79
CVE-2024-5628 MEDIUM
Avada | Website Builder For WordPress & eCommerce <3.11.9 - XSS
CVSS 6.4
CVE-2024-8656 MEDIUM
WPFactory Helper <= 1.7.0 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-45303 MEDIUM
Discourse Calendar < 0.5 - Cross-Site Scripting in Event Name Rendering
CVSS 6.1
CVE-2024-34335 MEDIUM
ordat.erp < 2.24.01 - Reflected Cross-Site Scripting via Login Page
CVSS 6.1
CVE-2024-8696 CRITICAL
Docker Desktop < 4.34.2 - Remote Code Execution via Malicious Extension Publisher URL
CVSS 9.8
CVE-2024-8695 CRITICAL
Docker Desktop < 4.34.2 - Remote Code Execution via Crafted Extension Description/Changelog
CVSS 9.8
CVE-2024-6702 MEDIUM
Pega Infinity 8.1-24.1.2 - HTML Injection in Stage
CVSS 5.2
CVE-2024-6701 MEDIUM
Pega Infinity 8.1-24.1.2 - Cross-Site Scripting in Case Type
CVSS 5.5
CVE-2024-6700 MEDIUM
Pega Infinity 8.1-24.1.2 - Stored Cross-Site Scripting via App Name
CVSS 5.5
CVE-2024-45856 CRITICAL
MindsDB - Stored Cross-Site Scripting in ML Engine Enumeration
CVSS 9.0
CVE-2024-8750 MEDIUM
i-doit pro 28 - Cross-Site Scripting via Unsanitized URL Parameters
CVSS 5.4
CVE-2024-8622 MEDIUM
amCharts: Charts and Maps <1.4.4 - XSS
CVSS 6.1
CVE-2024-2010 MEDIUM
Tebilisim V5 < 6.2 - Basic XSS
CVSS 6.1
CVE-2024-8056 MEDIUM
MM-Breaking News < 0.7.9 - Reflected Cross-Site Scripting via REQUEST_URI Parameter
CVSS 6.1
CVE-2024-8054 MEDIUM
MM-Breaking News < 0.7.9 - Stored Cross-Site Scripting via CSRF Attack
CVSS 6.1
CVE-2024-7861 MEDIUM
Misiek Paypal WordPress Plugin <= 1.1.20090324 - Stored Cross-Site Scripting via CSRF Attack
CVSS 6.1
CVE-2024-7860 MEDIUM
Simple Headline Rotator < 1.0 - Stored Cross-Site Scripting via CSRF Attack
CVSS 6.1
CVE-2024-7822 MEDIUM
Quick Code < 1.0 - Stored Cross-Site Scripting via CSRF Attack
CVSS 6.1
CVE-2024-7818 MEDIUM
Misiek Photo Album < 1.4.3 - Stored Cross-Site Scripting via CSRF Attack
CVSS 6.1
CVE-2024-7816 MEDIUM
Gixaw Chat < 1.0 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-6887 MEDIUM
RafflePress < 1.12.16 - Authenticated Stored Cross-Site Scripting in Giveaways Settings
CVSS 4.8
CVE-2024-6019 MEDIUM
Music Request Manager < 1.3 - Unauthenticated Stored Cross-Site Scripting via Music Request Input
CVSS 6.1
CVE-2024-6018 MEDIUM
Music Request Manager < 1.3 - Reflected Cross-Site Scripting via REQUEST_URI Parameter
CVSS 6.1
CVE-2024-5799 MEDIUM
CM Pop-Up Banners for WordPress < 1.7.3 - Authenticated Stored Cross-Site Scripting via Popup Fields
CVSS 4.8
CVE-2024-8708 LOW
SourceCodester Best House Rental Management System 1.0 - XSS
CVSS 3.5
Details
Vulnerabilities 45,468
Exploit Likelihood High