CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,468 vulnerabilities with CWE-79
CVE-2024-7891 MEDIUM
Floating Contact Button < 2.8 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-45280 MEDIUM
SAP NetWeaver AS Java (Logon Application) >=7.50 - Cross-Site Scripting
CVSS 4.8
CVE-2024-45279 MEDIUM
SAP NetWeaver Application Server for ABAP - XSS
CVSS 6.1
CVE-2024-44120 MEDIUM
SAP NetWeaver Enterprise Portal - XSS
CVSS 4.7
CVE-2024-42378 MEDIUM
SAP S/4HANA eProcurement - Reflected Cross-Site Scripting via Weak Input Encoding
CVSS 6.1
CVE-2024-8610 LOW
SourceCodester Best House Rental Management System 1.0 - XSS
CVSS 3.5
CVE-2024-44085 MEDIUM
ONLYOFFICE Docs < 8.1.0 - Cross-Site Scripting via Macro GeneratorFunction Object
CVSS 6.1
CVE-2024-24510 MEDIUM
Alinto SOGo < 5.10.0 - Cross-Site Scripting via Mail Import Function
CVSS 6.1
CVE-2024-45406 MEDIUM
Craft CMS 5.0.0-5.1.1 - Stored Cross-Site Scripting in Breadcrumb List and Title Fields
CVSS 5.5
CVE-2024-8605 MEDIUM
Code-projects Inventory Management 1.0 - XSS
CVSS 4.3
CVE-2024-8604 MEDIUM
SourceCodester Online Food Ordering System 2.0 - XSS
CVSS 4.3
CVE-2024-40643 CRITICAL
Joplin < 3.0.15 - Stored Cross-Site Scripting via Malformed HTML Tag Injection
CVSS 9.6
CVE-2024-7918 MEDIUM
Pocket Widget < 0.1.3 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-7687 MEDIUM
AZIndex WordPress plugin < 0.8.1 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 4.3
CVE-2024-6910 MEDIUM
EventON < 2.2.17 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-5561 MEDIUM
Popup Maker < 1.19.1 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-45625 MEDIUM
Forminator < 1.34.1 - Stored Cross-Site Scripting via Crafted URL
CVSS 6.1
CVE-2024-8583 LOW
SourceCodester Online Bank Management System -1.0 - XSS
CVSS 3.5
CVE-2024-8582 LOW
SourceCodester Food Ordering Management System 1.0 - XSS
CVSS 3.5
CVE-2024-8572 LOW
Gouniverse GoLang CMS 1.4.0 - Cross-Site Scripting via PageRenderHtmlByAlias Alias Parameter
CVSS 3.5
CVE-2024-6859 MEDIUM
WP MultiTasking < 0.1.12 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 5.4
CVE-2024-8566 MEDIUM
code-projects Online Shop Store 1.0 - XSS
CVSS 4.3
CVE-2024-8563 LOW
PHP CRUD 1.0 - Cross-Site Scripting via first_name/middle_name/last_name Parameters
CVSS 3.5
CVE-2024-8562 LOW
SourceCodester PHP CRUD 1.0 - Cross-Site Scripting via first_name/middle_name/last_name Parameters
CVSS 3.5
CVE-2024-42020 MEDIUM
Veeam ONE 12-12.1.0.3208 - Cross-Site Scripting in Reporter Widgets
CVSS 5.4
Details
Vulnerabilities 45,468
Exploit Likelihood High