CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,468 vulnerabilities with CWE-79
CVE-2024-8554 LOW
SourceCodester Clinics Patient Management System 2.0 - XSS
CVSS 3.5
CVE-2024-1596 HIGH
Ninja Forms - File Uploads <= 3.3.16 - Unauthenticated Stored Cross-Site Scripting via RTX File Upload
CVSS 7.2
CVE-2024-6849 MEDIUM
WordPress Loading Screen Plugin <2.2.1 - XSS
CVSS 6.4
CVE-2024-8521 MEDIUM
Wavelog < 1.8.1 - Cross-Site Scripting via Live QSO Manual Argument
CVSS 4.3
CVE-2024-38640 MEDIUM
QNAP Download Station 5.8.0-5.8.6.283 - Authenticated Cross-Site Scripting
CVSS 5.4
CVE-2024-32762 HIGH
QuLog Center 1.7.0-1.7.0.826 - Cross-Site Scripting via Network
CVSS 8.2
CVE-2024-27126 MEDIUM
Notes Station 3 3.9.0-3.9.5 - Authenticated Stored Cross-Site Scripting
CVSS 6.3
CVE-2024-27125 LOW
QNAP Helpdesk < 3.3.1 - Authenticated Stored Cross-Site Scripting
CVSS 3.5
CVE-2024-27122 MEDIUM
Notes Station 3 3.9.0-3.9.5 - Authenticated Stored Cross-Site Scripting
CVSS 6.3
CVE-2024-21897 HIGH
QNAP QTS and QuTS hero - Authenticated Cross-Site Scripting
CVSS 8.9
CVE-2024-7611 MEDIUM
Enter Addons - Ultimate Template Builder for Elementor <= 2.1.8 - Authenticated Stored XSS via Events Card Widget
CVSS 6.4
CVE-2024-7599 MEDIUM
Advanced Sermons <= 3.3 - Authenticated Stored Cross-Site Scripting via sermon_video_embed Parameter
CVSS 6.4
CVE-2024-44837 MEDIUM
Drug 1.0 - Cross-Site Scripting via User Parameter
CVSS 5.4
CVE-2024-8317 MEDIUM
WP AdCenter - Ad Manager & Adsense Ads <= 2.5.6 - Authenticated Stored Cross-Site Scripting via ad_alignment Attribute
CVSS 6.4
CVE-2024-6792 LOW
WP ULike <4.7.2.1 - Info Disclosure
CVSS 3.5
CVE-2024-45400 MEDIUM
CKEditor Open Link Plugin <1.0.7 - Link href Cross-Site Scripting
CVSS 6.1
CVE-2024-44728 MEDIUM
Sourcecodehero Event Management System 1.0 - XSS
CVSS 6.1
CVE-2024-45176 MEDIUM
za-internet C-MOR Video Surveillance 5.2401 - XSS
CVSS 6.1
CVE-2024-8473 MEDIUM
Phpgurukul Job Portal - Cross-Site Scripting via user_email Parameter
CVSS 6.3
CVE-2024-8472 MEDIUM
phpgurukul Job Portal - Cross-Site Scripting
CVSS 6.3
CVE-2024-8471 MEDIUM
Phpgurukul Job Portal - Cross-Site Scripting via JOBID and USERNAME
CVSS 6.3
CVE-2024-6929 MEDIUM
Dynamic Featured Image <= 3.7.0 - Authenticated Stored Cross-Site Scripting via dfiFeatured Parameter
CVSS 6.4
CVE-2024-6894 MEDIUM
RD Station < 5.3.2 - Authenticated Stored Cross-Site Scripting via Post Metaboxes
CVSS 6.4
CVE-2024-8363 MEDIUM
Share This Image <= 2.02 - Authenticated Stored Cross-Site Scripting via STI Buttons Shortcode
CVSS 6.4
CVE-2024-45429 MEDIUM
Advanced Custom Fields <6.3.5 - XSS
CVSS 6.1
Details
Vulnerabilities 45,468
Exploit Likelihood High