CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,468 vulnerabilities with CWE-79
CVE-2024-44920 MEDIUM
SeaCMS 12.9 - Stored Cross-Site Scripting via admin_collect_news.php siteurl Parameter
CVSS 6.1
CVE-2024-42061 MEDIUM
Zyxel ZLD 4.32-5.38 - Reflected Cross-Site Scripting via dynamic_script.cgi
CVSS 6.1
CVE-2024-45621 MEDIUM
Rocket.Chat < 6.3.4 - Stored Cross-Site Scripting via Links in Uploaded Files
CVSS 5.4
CVE-2024-6920 MEDIUM
NACPremium < 2024-08-01 - Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-43792 MEDIUM
Halo < 2.17.0 - Cross-Site Scripting
CVSS 6.3
CVE-2024-28100 HIGH
elabftw < 5.0.0 - Stored Cross-Site Scripting via Crafted File Upload
CVSS 8.9
CVE-2024-8004 HIGH
ENOVIA Collaborative Industry Innovator - XSS
CVSS 8.7
CVE-2024-7939 HIGH
3DEXPERIENCE R2024x - Stored Cross-Site Scripting in 3DSwym
CVSS 8.7
CVE-2024-7938 HIGH
3DEXPERIENCE R2023x-R2024x - Stored Cross-Site Scripting in 3DDashboard
CVSS 8.7
CVE-2024-7932 HIGH
3DEXPERIENCE R2024x - Stored Cross-Site Scripting in 3DDashboard
CVSS 8.7
CVE-2024-38858 MEDIUM
Checkmk < 2.3.0p14 - Cross-Site Scripting in Robotmk Logs View
CVSS 6.1
CVE-2024-7692 MEDIUM
Flaming Forms < 1.0.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-7691 MEDIUM
Flaming Forms < 1.0.1 - Unauthenticated Cross-Site Scripting
CVSS 6.1
CVE-2024-7354 MEDIUM
Ninja Forms 3.8.6-3.8.10 - Reflected Cross-Site Scripting via URL Attribute
CVSS 6.1
CVE-2024-45528 MEDIUM
CodeAstro MembershipM-PHP 1.0 - XSS
CVSS 5.4
CVE-2024-8370 LOW
grocy < 4.2.0 - Cross-Site Scripting via Recipe Pictures SVG File Upload Handler
CVSS 3.5
CVE-2024-8366 MEDIUM
Pharmacy Management System 1.0 - XSS
CVSS 4.3
CVE-2024-8108 MEDIUM
Share This Image <= 2.01 - Authenticated Stored Cross-Site Scripting via Alignment Parameter
CVSS 6.4
CVE-2024-8276 MEDIUM
WPZOOM Portfolio Lite < 1.4.4 - Authenticated Stored Cross-Site Scripting via Gutenberg Block Align Attribute
CVSS 6.4
CVE-2024-5212 MEDIUM
tagDiv Composer < 5.0 - Unauthenticated Reflected Cross-Site Scripting via envato_code[] Parameter
CVSS 6.1
CVE-2024-3886 MEDIUM
tagDiv Composer < 5.0 - Unauthenticated Reflected Cross-Site Scripting via envato_code[] Parameter
CVSS 6.1
CVE-2024-6585 MEDIUM
Lightdash 0.1024.6-<0.1042.2 - Authenticated Stored Cross-Site Scripting in Dashboard Markdown and Comments
CVSS 5.4
CVE-2024-44684 MEDIUM
TpMeCMS 1.3.3.2 - Stored Cross-Site Scripting via Title, Images, and Content Fields
CVSS 6.1
CVE-2024-44683 MEDIUM
Seacms v13 - Cross-Site Scripting via admin-video.php
CVSS 6.1
CVE-2024-44682 MEDIUM
ShopXO 6.2 - Cross-Site Scripting via POST Parameter Manipulation
CVSS 6.1
Details
Vulnerabilities 45,468
Exploit Likelihood High