CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,468 vulnerabilities with CWE-79
CVE-2024-7891
MEDIUM
Floating Contact Button < 2.8 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-45280
MEDIUM
SAP NetWeaver AS Java (Logon Application) >=7.50 - Cross-Site Scripting
CVSS 4.8
CVE-2024-45279
MEDIUM
SAP NetWeaver Application Server for ABAP - XSS
CVSS 6.1
CVE-2024-44120
MEDIUM
SAP NetWeaver Enterprise Portal - XSS
CVSS 4.7
CVE-2024-42378
MEDIUM
SAP S/4HANA eProcurement - Reflected Cross-Site Scripting via Weak Input Encoding
CVSS 6.1
CVE-2024-8610
LOW
SourceCodester Best House Rental Management System 1.0 - XSS
CVSS 3.5
CVE-2024-44085
MEDIUM
ONLYOFFICE Docs < 8.1.0 - Cross-Site Scripting via Macro GeneratorFunction Object
CVSS 6.1
CVE-2024-24510
MEDIUM
Alinto SOGo < 5.10.0 - Cross-Site Scripting via Mail Import Function
CVSS 6.1
CVE-2024-45406
MEDIUM
Craft CMS 5.0.0-5.1.1 - Stored Cross-Site Scripting in Breadcrumb List and Title Fields
CVSS 5.5
CVE-2024-8605
MEDIUM
Code-projects Inventory Management 1.0 - XSS
CVSS 4.3
CVE-2024-8604
MEDIUM
SourceCodester Online Food Ordering System 2.0 - XSS
CVSS 4.3
CVE-2024-40643
CRITICAL
Joplin < 3.0.15 - Stored Cross-Site Scripting via Malformed HTML Tag Injection
CVSS 9.6
CVE-2024-7918
MEDIUM
Pocket Widget < 0.1.3 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-7687
MEDIUM
AZIndex WordPress plugin < 0.8.1 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 4.3
CVE-2024-6910
MEDIUM
EventON < 2.2.17 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-5561
MEDIUM
Popup Maker < 1.19.1 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-45625
MEDIUM
Forminator < 1.34.1 - Stored Cross-Site Scripting via Crafted URL
CVSS 6.1
CVE-2024-8583
LOW
SourceCodester Online Bank Management System -1.0 - XSS
CVSS 3.5
CVE-2024-8582
LOW
SourceCodester Food Ordering Management System 1.0 - XSS
CVSS 3.5
CVE-2024-8572
LOW
Gouniverse GoLang CMS 1.4.0 - Cross-Site Scripting via PageRenderHtmlByAlias Alias Parameter
CVSS 3.5
CVE-2024-6859
MEDIUM
WP MultiTasking < 0.1.12 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 5.4
CVE-2024-8566
MEDIUM
code-projects Online Shop Store 1.0 - XSS
CVSS 4.3
CVE-2024-8563
LOW
PHP CRUD 1.0 - Cross-Site Scripting via first_name/middle_name/last_name Parameters
CVSS 3.5
CVE-2024-8562
LOW
SourceCodester PHP CRUD 1.0 - Cross-Site Scripting via first_name/middle_name/last_name Parameters
CVSS 3.5
CVE-2024-42020
MEDIUM
Veeam ONE 12-12.1.0.3208 - Cross-Site Scripting in Reporter Widgets
CVSS 5.4
Details
Vulnerabilities
45,468
Exploit Likelihood
High