CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,468 vulnerabilities with CWE-79
CVE-2024-8693 LOW
Kaon CG3000 1.01.43 - Cross-Site Scripting via DHCPCD Command Handler
CVSS 2.4
CVE-2024-44573 MEDIUM
RELY-PCIe 22.2.1-23.1.0 - Stored Cross-Site Scripting in VLAN Configuration
CVSS 4.7
CVE-2024-44851 MEDIUM
Perfex CRM 1.1.0 - Stored Cross-Site Scripting in Discussion Content Parameter
CVSS 5.4
CVE-2024-43793 MEDIUM
Halo < 2.19.0 - Cross-Site Scripting
CVSS 6.3
CVE-2024-5416 MEDIUM
Elementor Website Builder < 3.23.4 - Authenticated Stored Cross-Site Scripting via Widget URL Parameter
CVSS 5.4
CVE-2024-8045 MEDIUM
Advanced WordPress Backgrounds <1.12.3 - XSS
CVSS 6.4
CVE-2024-8440 MEDIUM
Essential Addons for Elementor - XSS
CVSS 6.4
CVE-2024-7716 MEDIUM
gs_logo_slider < 3.6.9 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-3899 MEDIUM
Envira Gallery < 1.8.15 - Authenticated Stored Cross-Site Scripting via Image Settings
CVSS 4.8
CVE-2024-23906 MEDIUM
Controller 6000/7000 <9.10.240816a-9.00.240816a-8.90.240816a - CWE-79
CVSS 6.1
CVE-2024-34831 MEDIUM
Gibbon Core 26.0.00 - Stored Cross-Site Scripting via imageLink Parameter
CVSS 6.1
CVE-2024-44872 MEDIUM
moziloCMS 3.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-43476 HIGH
Microsoft Dynamics 365 < 9.1.32 - Cross-Site Scripting
CVSS 7.6
CVE-2024-45595 MEDIUM
d-tale < 3.14.1 - Remote Code Execution via Custom Filter Input
CVSS 6.1
CVE-2024-45592 HIGH
auditor-bundle < 5.2.6 - Stored Cross-Site Scripting via Unescaped Entity Property
CVSS 8.2
CVE-2024-44676 MEDIUM
eladmin < 2.7 - Cross-Site Scripting via LocalStoreController
CVSS 4.8
CVE-2024-43800 MEDIUM
serve-static < 1.16.0 - Cross-Site Scripting via Unsanitized User Input in redirect()
CVSS 5.0
CVE-2024-43799 MEDIUM
send < 0.19.0 - Cross-Site Scripting via SendStream.redirect()
CVSS 5.0
CVE-2024-43796 MEDIUM
Express < 4.20.0 - Cross-Site Scripting via response.redirect()
CVSS 5.0
CVE-2024-6282 MEDIUM
Master Addons for Elementor <= 2.0.6.4 - Authenticated Stored XSS via data-jltma-wrapper-link
CVSS 5.4
CVE-2024-8543 MEDIUM
Slider comparison image before and after plugin - XSS
CVSS 6.4
CVE-2024-8241 MEDIUM
Nova Blocks by Pixelgrade <2.1.7 - XSS
CVSS 6.4
CVE-2024-7655 MEDIUM
PeepSo < 6.4.6.0 - Authenticated Stored Cross-Site Scripting
CVSS 4.4
CVE-2024-7618 MEDIUM
PeepSo < 6.4.6.0 - Authenticated Stored Cross-Site Scripting via Content Parameter
CVSS 4.4
CVE-2024-7955 MEDIUM
Starbox < 3.5.2 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
Details
Vulnerabilities 45,468
Exploit Likelihood High