CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,468 vulnerabilities with CWE-79
CVE-2024-7895 MEDIUM
Beaver Builder < 2.8.3.5 - Authenticated Stored Cross-Site Scripting via Type Parameter
CVSS 6.4
CVE-2024-7606 MEDIUM
Front End Users <= 3.2.28 - Authenticated Stored Cross-Site Scripting via User-Search Shortcode
CVSS 6.4
CVE-2024-7132 MEDIUM
GoDaddy CoBlocks < 3.1.13 - Stored Cross-Site Scripting via Post Embed Block
CVSS 4.8
CVE-2024-6927 MEDIUM
Viral Signup < 2.1 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-5624 MEDIUM
B&R APROL <= R 4.4-00P3 - Reflected Cross-Site Scripting in Shift Logbook Application
CVSS 6.1
CVE-2024-5417 MEDIUM
Gutentor < 3.3.6 - Stored Cross-Site Scripting via Block Options
CVSS 5.4
CVE-2024-43986 MEDIUM
Taxi Booking Manager for WooCommerce <= 1.0.9 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-3944 MEDIUM
Delower WP TO DO < 1.3.0 - XSS
CVSS 4.4
CVE-2024-45057 MEDIUM
i-educar < 2.9 - Reflected Cross-Site Scripting via Unsanitized HTML Field Input
CVSS 6.1
CVE-2024-45046 MEDIUM
PHPSpreadsheet <1.29.1 and 2.0.0-2.1.0 - Stored Cross-Site Scripting via Spreadsheet Styling Information
CVSS 5.4
CVE-2024-43805 HIGH
JupyterLab < 3.6.8 and Notebook 7.0.0-7.2.2 - Cross-Site Scripting via Malicious Markdown Cell
CVSS 7.6
CVE-2024-42900 MEDIUM
Ruoyi < 4.7.9 - Stored Cross-Site Scripting via /tool/gen/create sql Parameter
CVSS 6.1
CVE-2024-6450 MEDIUM
HyperView Geoportal Toolkit <8.5.0 - XSS
CVSS 6.1
CVE-2024-7269 MEDIUM
ConnX ESP HR Management < 6.6 - Stored Cross-Site Scripting in Update of Personal Details Form
CVSS 5.4
CVE-2024-4554 HIGH
OpenText NetIQ Access Manager < 5.0.4.1 and 5.1 - Cross-Site Scripting
CVSS 7.3
CVE-2024-8209 LOW
nafisulbari/itsourcecode Insurance Management System 1.0 - XSS
CVSS 3.5
CVE-2024-8208 LOW
nafisulbari/itsourcecode Insurance Management System 1.0 - XSS
CVSS 3.5
CVE-2024-43788 MEDIUM
webpack < 5.94.0 - Cross-Site Scripting via DOM Clobbering in AutoPublicPathRuntimeModule
CVSS 6.4
CVE-2024-7791 MEDIUM
Xpro Addons for Elementor < 1.4.4.3 - Authenticated Stored Cross-Site Scripting via Post Grid Widget Arrow Parameter
CVSS 6.4
CVE-2024-8046 MEDIUM
Logo Showcase Ultimate - Logo Carousel, Logo Slider & Logo Grid <1....
CVSS 6.4
CVE-2024-41174 HIGH
Beckhoff IPC Diagnostics Package < 2.1.1.0 and TwinCAT/BSD < 14.1.2.0 - Cross-Site Scripting
CVSS 7.3
CVE-2024-7304 MEDIUM
Ninja Tables < 5.0.13 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-6804 MEDIUM
Jeg Elementor Kit <= 2.6.7 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-43915 MEDIUM
Zephyr Project Manager <= .3.102 - Reflected Cross-Site Scripting
CVSS 5.5
CVE-2024-43255 HIGH
Stormhill Media MyBookTable <3.3.9 - CSRF/XSS
CVSS 7.1
Details
Vulnerabilities 45,468
Exploit Likelihood High