CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,468 vulnerabilities with CWE-79
CVE-2024-44920
MEDIUM
SeaCMS 12.9 - Stored Cross-Site Scripting via admin_collect_news.php siteurl Parameter
CVSS 6.1
CVE-2024-42061
MEDIUM
Zyxel ZLD 4.32-5.38 - Reflected Cross-Site Scripting via dynamic_script.cgi
CVSS 6.1
CVE-2024-45621
MEDIUM
Rocket.Chat < 6.3.4 - Stored Cross-Site Scripting via Links in Uploaded Files
CVSS 5.4
CVE-2024-6920
MEDIUM
NACPremium < 2024-08-01 - Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-43792
MEDIUM
Halo < 2.17.0 - Cross-Site Scripting
CVSS 6.3
CVE-2024-28100
HIGH
elabftw < 5.0.0 - Stored Cross-Site Scripting via Crafted File Upload
CVSS 8.9
CVE-2024-8004
HIGH
ENOVIA Collaborative Industry Innovator - XSS
CVSS 8.7
CVE-2024-7939
HIGH
3DEXPERIENCE R2024x - Stored Cross-Site Scripting in 3DSwym
CVSS 8.7
CVE-2024-7938
HIGH
3DEXPERIENCE R2023x-R2024x - Stored Cross-Site Scripting in 3DDashboard
CVSS 8.7
CVE-2024-7932
HIGH
3DEXPERIENCE R2024x - Stored Cross-Site Scripting in 3DDashboard
CVSS 8.7
CVE-2024-38858
MEDIUM
Checkmk < 2.3.0p14 - Cross-Site Scripting in Robotmk Logs View
CVSS 6.1
CVE-2024-7692
MEDIUM
Flaming Forms < 1.0.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-7691
MEDIUM
Flaming Forms < 1.0.1 - Unauthenticated Cross-Site Scripting
CVSS 6.1
CVE-2024-7354
MEDIUM
Ninja Forms 3.8.6-3.8.10 - Reflected Cross-Site Scripting via URL Attribute
CVSS 6.1
CVE-2024-45528
MEDIUM
CodeAstro MembershipM-PHP 1.0 - XSS
CVSS 5.4
CVE-2024-8370
LOW
grocy < 4.2.0 - Cross-Site Scripting via Recipe Pictures SVG File Upload Handler
CVSS 3.5
CVE-2024-8366
MEDIUM
Pharmacy Management System 1.0 - XSS
CVSS 4.3
CVE-2024-8108
MEDIUM
Share This Image <= 2.01 - Authenticated Stored Cross-Site Scripting via Alignment Parameter
CVSS 6.4
CVE-2024-8276
MEDIUM
WPZOOM Portfolio Lite < 1.4.4 - Authenticated Stored Cross-Site Scripting via Gutenberg Block Align Attribute
CVSS 6.4
CVE-2024-5212
MEDIUM
tagDiv Composer < 5.0 - Unauthenticated Reflected Cross-Site Scripting via envato_code[] Parameter
CVSS 6.1
CVE-2024-3886
MEDIUM
tagDiv Composer < 5.0 - Unauthenticated Reflected Cross-Site Scripting via envato_code[] Parameter
CVSS 6.1
CVE-2024-6585
MEDIUM
Lightdash 0.1024.6-<0.1042.2 - Authenticated Stored Cross-Site Scripting in Dashboard Markdown and Comments
CVSS 5.4
CVE-2024-44684
MEDIUM
TpMeCMS 1.3.3.2 - Stored Cross-Site Scripting via Title, Images, and Content Fields
CVSS 6.1
CVE-2024-44683
MEDIUM
Seacms v13 - Cross-Site Scripting via admin-video.php
CVSS 6.1
CVE-2024-44682
MEDIUM
ShopXO 6.2 - Cross-Site Scripting via POST Parameter Manipulation
CVSS 6.1
Details
Vulnerabilities
45,468
Exploit Likelihood
High