CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,468 vulnerabilities with CWE-79
CVE-2024-5628
MEDIUM
Avada | Website Builder For WordPress & eCommerce <3.11.9 - XSS
CVSS 6.4
CVE-2024-8656
MEDIUM
WPFactory Helper <= 1.7.0 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-45303
MEDIUM
Discourse Calendar < 0.5 - Cross-Site Scripting in Event Name Rendering
CVSS 6.1
CVE-2024-34335
MEDIUM
ordat.erp < 2.24.01 - Reflected Cross-Site Scripting via Login Page
CVSS 6.1
CVE-2024-8696
CRITICAL
Docker Desktop < 4.34.2 - Remote Code Execution via Malicious Extension Publisher URL
CVSS 9.8
CVE-2024-8695
CRITICAL
Docker Desktop < 4.34.2 - Remote Code Execution via Crafted Extension Description/Changelog
CVSS 9.8
CVE-2024-6702
MEDIUM
Pega Infinity 8.1-24.1.2 - HTML Injection in Stage
CVSS 5.2
CVE-2024-6701
MEDIUM
Pega Infinity 8.1-24.1.2 - Cross-Site Scripting in Case Type
CVSS 5.5
CVE-2024-6700
MEDIUM
Pega Infinity 8.1-24.1.2 - Stored Cross-Site Scripting via App Name
CVSS 5.5
CVE-2024-45856
CRITICAL
MindsDB - Stored Cross-Site Scripting in ML Engine Enumeration
CVSS 9.0
CVE-2024-8750
MEDIUM
i-doit pro 28 - Cross-Site Scripting via Unsanitized URL Parameters
CVSS 5.4
CVE-2024-8622
MEDIUM
amCharts: Charts and Maps <1.4.4 - XSS
CVSS 6.1
CVE-2024-2010
MEDIUM
Tebilisim V5 < 6.2 - Basic XSS
CVSS 6.1
CVE-2024-8056
MEDIUM
MM-Breaking News < 0.7.9 - Reflected Cross-Site Scripting via REQUEST_URI Parameter
CVSS 6.1
CVE-2024-8054
MEDIUM
MM-Breaking News < 0.7.9 - Stored Cross-Site Scripting via CSRF Attack
CVSS 6.1
CVE-2024-7861
MEDIUM
Misiek Paypal WordPress Plugin <= 1.1.20090324 - Stored Cross-Site Scripting via CSRF Attack
CVSS 6.1
CVE-2024-7860
MEDIUM
Simple Headline Rotator < 1.0 - Stored Cross-Site Scripting via CSRF Attack
CVSS 6.1
CVE-2024-7822
MEDIUM
Quick Code < 1.0 - Stored Cross-Site Scripting via CSRF Attack
CVSS 6.1
CVE-2024-7818
MEDIUM
Misiek Photo Album < 1.4.3 - Stored Cross-Site Scripting via CSRF Attack
CVSS 6.1
CVE-2024-7816
MEDIUM
Gixaw Chat < 1.0 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-6887
MEDIUM
RafflePress < 1.12.16 - Authenticated Stored Cross-Site Scripting in Giveaways Settings
CVSS 4.8
CVE-2024-6019
MEDIUM
Music Request Manager < 1.3 - Unauthenticated Stored Cross-Site Scripting via Music Request Input
CVSS 6.1
CVE-2024-6018
MEDIUM
Music Request Manager < 1.3 - Reflected Cross-Site Scripting via REQUEST_URI Parameter
CVSS 6.1
CVE-2024-5799
MEDIUM
CM Pop-Up Banners for WordPress < 1.7.3 - Authenticated Stored Cross-Site Scripting via Popup Fields
CVSS 4.8
CVE-2024-8708
LOW
SourceCodester Best House Rental Management System 1.0 - XSS
CVSS 3.5
Details
Vulnerabilities
45,468
Exploit Likelihood
High