CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,468 vulnerabilities with CWE-79
CVE-2024-45047
MEDIUM
svelte < 4.2.19 - Cross-Site Scripting via noscript Attribute Injection
CVSS 5.4
CVE-2024-44918
LOW
SeaCMS 12.9 - Cross-Site Scripting in admin_datarelate.php
CVSS 3.5
CVE-2024-8337
LOW
SourceCodester Contact Manager with Export to VCF 1.0 - XSS
CVSS 3.5
CVE-2024-8274
MEDIUM
WP Booking Calendar <= 10.5 - Unauthenticated Reflected Cross-Site Scripting via Timeline Object Parameters
CVSS 6.1
CVE-2024-7122
MEDIUM
Elementor Addon Elements <= 1.13.6 - Authenticated Stored Cross-Site Scripting via Widget Attributes
CVSS 6.4
CVE-2024-42412
MEDIUM
ELECOM WAB-S1167-PS and WAB-I1750-PS Firmware - Cross-Site Scripting via menu.cgi
CVSS 6.1
CVE-2024-34577
MEDIUM
ELECOM WRC-X3000GS2-B, WRC-X3000GS2-W, WRC-X3000GS2A-B, WRC-X3000GST2-B - Cross-Site Scripting via easysetup.cgi
CVSS 6.1
CVE-2024-5879
MEDIUM
HubSpot <= 11.1.22 - Authenticated Stored XSS via Meeting Widget URL
CVSS 6.4
CVE-2024-3998
MEDIUM
Betheme <= 27.5.6 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-5061
MEDIUM
Enfold Theme <= 6.0.3 - Authenticated Stored XSS via Wrapper Class
CVSS 6.4
CVE-2024-5024
MEDIUM
MemberPress < 1.11.30 - Unauthenticated Reflected Cross-Site Scripting via mepr_screenname and mepr_key Parameters
CVSS 6.1
CVE-2024-4401
MEDIUM
Elementor Addon Elements <1.13.5 - XSS
CVSS 6.4
CVE-2024-8328
MEDIUM
Easy test Online Learning and Testing Platform < 24a01 - Reflected Cross-Site Scripting via Page Parameter
CVSS 5.4
CVE-2024-41349
MEDIUM
unmark 1.9.2 - Cross-Site Scripting in add_by_url.php
CVSS 6.1
CVE-2024-41371
MEDIUM
Organizr v1.90 - Cross-Site Scripting via api.php
CVSS 6.1
CVE-2024-41358
MEDIUM
phpipam 1.6 - Cross-Site Scripting via Import Load Data
CVSS 6.1
CVE-2024-41351
MEDIUM
bjyadmin - Cross-Site Scripting via UMeditor getContent.php
CVSS 6.1
CVE-2024-41350
MEDIUM
bjyadmin - Stored Cross-Site Scripting via UMeditor Image Upload Handler
CVSS 6.1
CVE-2024-41348
MEDIUM
openflights - Cross-Site Scripting via php/alsearch.php
CVSS 6.1
CVE-2024-41347
MEDIUM
openflights - Cross-Site Scripting via php/settings.php
CVSS 6.1
CVE-2024-41346
MEDIUM
openflights - Cross-Site Scripting via php/submit.php
CVSS 5.4
CVE-2024-41345
MEDIUM
openflights - Cross-Site Scripting via php/trip.php
CVSS 5.4
CVE-2024-43921
HIGH
Magic Post Thumbnail <= 5.2.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-43920
MEDIUM
Jegstudio Gutenverse < 1.9.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-44930
MEDIUM
serilog-enrichers-clientinfo < 2.1.0 - Client IP Spoofing via X-Forwarded-For or Client-Ip Headers
CVSS 6.5
Details
Vulnerabilities
45,468
Exploit Likelihood
High