CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,468 vulnerabilities with CWE-79
CVE-2024-8693
LOW
Kaon CG3000 1.01.43 - Cross-Site Scripting via DHCPCD Command Handler
CVSS 2.4
CVE-2024-44573
MEDIUM
RELY-PCIe 22.2.1-23.1.0 - Stored Cross-Site Scripting in VLAN Configuration
CVSS 4.7
CVE-2024-44851
MEDIUM
Perfex CRM 1.1.0 - Stored Cross-Site Scripting in Discussion Content Parameter
CVSS 5.4
CVE-2024-43793
MEDIUM
Halo < 2.19.0 - Cross-Site Scripting
CVSS 6.3
CVE-2024-5416
MEDIUM
Elementor Website Builder < 3.23.4 - Authenticated Stored Cross-Site Scripting via Widget URL Parameter
CVSS 5.4
CVE-2024-8045
MEDIUM
Advanced WordPress Backgrounds <1.12.3 - XSS
CVSS 6.4
CVE-2024-8440
MEDIUM
Essential Addons for Elementor - XSS
CVSS 6.4
CVE-2024-7716
MEDIUM
gs_logo_slider < 3.6.9 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-3899
MEDIUM
Envira Gallery < 1.8.15 - Authenticated Stored Cross-Site Scripting via Image Settings
CVSS 4.8
CVE-2024-23906
MEDIUM
Controller 6000/7000 <9.10.240816a-9.00.240816a-8.90.240816a - CWE-79
CVSS 6.1
CVE-2024-34831
MEDIUM
Gibbon Core 26.0.00 - Stored Cross-Site Scripting via imageLink Parameter
CVSS 6.1
CVE-2024-44872
MEDIUM
moziloCMS 3.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-43476
HIGH
Microsoft Dynamics 365 < 9.1.32 - Cross-Site Scripting
CVSS 7.6
CVE-2024-45595
MEDIUM
d-tale < 3.14.1 - Remote Code Execution via Custom Filter Input
CVSS 6.1
CVE-2024-45592
HIGH
auditor-bundle < 5.2.6 - Stored Cross-Site Scripting via Unescaped Entity Property
CVSS 8.2
CVE-2024-44676
MEDIUM
eladmin < 2.7 - Cross-Site Scripting via LocalStoreController
CVSS 4.8
CVE-2024-43800
MEDIUM
serve-static < 1.16.0 - Cross-Site Scripting via Unsanitized User Input in redirect()
CVSS 5.0
CVE-2024-43799
MEDIUM
send < 0.19.0 - Cross-Site Scripting via SendStream.redirect()
CVSS 5.0
CVE-2024-43796
MEDIUM
Express < 4.20.0 - Cross-Site Scripting via response.redirect()
CVSS 5.0
CVE-2024-6282
MEDIUM
Master Addons for Elementor <= 2.0.6.4 - Authenticated Stored XSS via data-jltma-wrapper-link
CVSS 5.4
CVE-2024-8543
MEDIUM
Slider comparison image before and after plugin - XSS
CVSS 6.4
CVE-2024-8241
MEDIUM
Nova Blocks by Pixelgrade <2.1.7 - XSS
CVSS 6.4
CVE-2024-7655
MEDIUM
PeepSo < 6.4.6.0 - Authenticated Stored Cross-Site Scripting
CVSS 4.4
CVE-2024-7618
MEDIUM
PeepSo < 6.4.6.0 - Authenticated Stored Cross-Site Scripting via Content Parameter
CVSS 4.4
CVE-2024-7955
MEDIUM
Starbox < 3.5.2 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
Details
Vulnerabilities
45,468
Exploit Likelihood
High