CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,468 vulnerabilities with CWE-79
CVE-2024-8554
LOW
SourceCodester Clinics Patient Management System 2.0 - XSS
CVSS 3.5
CVE-2024-1596
HIGH
Ninja Forms - File Uploads <= 3.3.16 - Unauthenticated Stored Cross-Site Scripting via RTX File Upload
CVSS 7.2
CVE-2024-6849
MEDIUM
WordPress Loading Screen Plugin <2.2.1 - XSS
CVSS 6.4
CVE-2024-8521
MEDIUM
Wavelog < 1.8.1 - Cross-Site Scripting via Live QSO Manual Argument
CVSS 4.3
CVE-2024-38640
MEDIUM
QNAP Download Station 5.8.0-5.8.6.283 - Authenticated Cross-Site Scripting
CVSS 5.4
CVE-2024-32762
HIGH
QuLog Center 1.7.0-1.7.0.826 - Cross-Site Scripting via Network
CVSS 8.2
CVE-2024-27126
MEDIUM
Notes Station 3 3.9.0-3.9.5 - Authenticated Stored Cross-Site Scripting
CVSS 6.3
CVE-2024-27125
LOW
QNAP Helpdesk < 3.3.1 - Authenticated Stored Cross-Site Scripting
CVSS 3.5
CVE-2024-27122
MEDIUM
Notes Station 3 3.9.0-3.9.5 - Authenticated Stored Cross-Site Scripting
CVSS 6.3
CVE-2024-21897
HIGH
QNAP QTS and QuTS hero - Authenticated Cross-Site Scripting
CVSS 8.9
CVE-2024-7611
MEDIUM
Enter Addons - Ultimate Template Builder for Elementor <= 2.1.8 - Authenticated Stored XSS via Events Card Widget
CVSS 6.4
CVE-2024-7599
MEDIUM
Advanced Sermons <= 3.3 - Authenticated Stored Cross-Site Scripting via sermon_video_embed Parameter
CVSS 6.4
CVE-2024-44837
MEDIUM
Drug 1.0 - Cross-Site Scripting via User Parameter
CVSS 5.4
CVE-2024-8317
MEDIUM
WP AdCenter - Ad Manager & Adsense Ads <= 2.5.6 - Authenticated Stored Cross-Site Scripting via ad_alignment Attribute
CVSS 6.4
CVE-2024-6792
LOW
WP ULike <4.7.2.1 - Info Disclosure
CVSS 3.5
CVE-2024-45400
MEDIUM
CKEditor Open Link Plugin <1.0.7 - Link href Cross-Site Scripting
CVSS 6.1
CVE-2024-44728
MEDIUM
Sourcecodehero Event Management System 1.0 - XSS
CVSS 6.1
CVE-2024-45176
MEDIUM
za-internet C-MOR Video Surveillance 5.2401 - XSS
CVSS 6.1
CVE-2024-8473
MEDIUM
Phpgurukul Job Portal - Cross-Site Scripting via user_email Parameter
CVSS 6.3
CVE-2024-8472
MEDIUM
phpgurukul Job Portal - Cross-Site Scripting
CVSS 6.3
CVE-2024-8471
MEDIUM
Phpgurukul Job Portal - Cross-Site Scripting via JOBID and USERNAME
CVSS 6.3
CVE-2024-6929
MEDIUM
Dynamic Featured Image <= 3.7.0 - Authenticated Stored Cross-Site Scripting via dfiFeatured Parameter
CVSS 6.4
CVE-2024-6894
MEDIUM
RD Station < 5.3.2 - Authenticated Stored Cross-Site Scripting via Post Metaboxes
CVSS 6.4
CVE-2024-8363
MEDIUM
Share This Image <= 2.02 - Authenticated Stored Cross-Site Scripting via STI Buttons Shortcode
CVSS 6.4
CVE-2024-45429
MEDIUM
Advanced Custom Fields <6.3.5 - XSS
CVSS 6.1
Details
Vulnerabilities
45,468
Exploit Likelihood
High