CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,468 vulnerabilities with CWE-79
CVE-2024-7895
MEDIUM
Beaver Builder < 2.8.3.5 - Authenticated Stored Cross-Site Scripting via Type Parameter
CVSS 6.4
CVE-2024-7606
MEDIUM
Front End Users <= 3.2.28 - Authenticated Stored Cross-Site Scripting via User-Search Shortcode
CVSS 6.4
CVE-2024-7132
MEDIUM
GoDaddy CoBlocks < 3.1.13 - Stored Cross-Site Scripting via Post Embed Block
CVSS 4.8
CVE-2024-6927
MEDIUM
Viral Signup < 2.1 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-5624
MEDIUM
B&R APROL <= R 4.4-00P3 - Reflected Cross-Site Scripting in Shift Logbook Application
CVSS 6.1
CVE-2024-5417
MEDIUM
Gutentor < 3.3.6 - Stored Cross-Site Scripting via Block Options
CVSS 5.4
CVE-2024-43986
MEDIUM
Taxi Booking Manager for WooCommerce <= 1.0.9 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-3944
MEDIUM
Delower WP TO DO < 1.3.0 - XSS
CVSS 4.4
CVE-2024-45057
MEDIUM
i-educar < 2.9 - Reflected Cross-Site Scripting via Unsanitized HTML Field Input
CVSS 6.1
CVE-2024-45046
MEDIUM
PHPSpreadsheet <1.29.1 and 2.0.0-2.1.0 - Stored Cross-Site Scripting via Spreadsheet Styling Information
CVSS 5.4
CVE-2024-43805
HIGH
JupyterLab < 3.6.8 and Notebook 7.0.0-7.2.2 - Cross-Site Scripting via Malicious Markdown Cell
CVSS 7.6
CVE-2024-42900
MEDIUM
Ruoyi < 4.7.9 - Stored Cross-Site Scripting via /tool/gen/create sql Parameter
CVSS 6.1
CVE-2024-6450
MEDIUM
HyperView Geoportal Toolkit <8.5.0 - XSS
CVSS 6.1
CVE-2024-7269
MEDIUM
ConnX ESP HR Management < 6.6 - Stored Cross-Site Scripting in Update of Personal Details Form
CVSS 5.4
CVE-2024-4554
HIGH
OpenText NetIQ Access Manager < 5.0.4.1 and 5.1 - Cross-Site Scripting
CVSS 7.3
CVE-2024-8209
LOW
nafisulbari/itsourcecode Insurance Management System 1.0 - XSS
CVSS 3.5
CVE-2024-8208
LOW
nafisulbari/itsourcecode Insurance Management System 1.0 - XSS
CVSS 3.5
CVE-2024-43788
MEDIUM
webpack < 5.94.0 - Cross-Site Scripting via DOM Clobbering in AutoPublicPathRuntimeModule
CVSS 6.4
CVE-2024-7791
MEDIUM
Xpro Addons for Elementor < 1.4.4.3 - Authenticated Stored Cross-Site Scripting via Post Grid Widget Arrow Parameter
CVSS 6.4
CVE-2024-8046
MEDIUM
Logo Showcase Ultimate - Logo Carousel, Logo Slider & Logo Grid <1....
CVSS 6.4
CVE-2024-41174
HIGH
Beckhoff IPC Diagnostics Package < 2.1.1.0 and TwinCAT/BSD < 14.1.2.0 - Cross-Site Scripting
CVSS 7.3
CVE-2024-7304
MEDIUM
Ninja Tables < 5.0.13 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-6804
MEDIUM
Jeg Elementor Kit <= 2.6.7 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-43915
MEDIUM
Zephyr Project Manager <= .3.102 - Reflected Cross-Site Scripting
CVSS 5.5
CVE-2024-43255
HIGH
Stormhill Media MyBookTable <3.3.9 - CSRF/XSS
CVSS 7.1
Details
Vulnerabilities
45,468
Exploit Likelihood
High