CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,468 vulnerabilities with CWE-79
CVE-2024-44797 MEDIUM
gazelle < 2016-11-08 - Cross-Site Scripting via /managers/enable_requests.php view Parameter
CVSS 6.1
CVE-2024-44796 MEDIUM
PicUploader < 2024-02-13 - Cross-Site Scripting via AzureRedirect Error Description Parameter
CVSS 6.1
CVE-2024-44795 MEDIUM
gazelle < 2016-11-08 - Cross-Site Scripting via Username Parameter in Disabled Login Page
CVSS 6.1
CVE-2024-44794 MEDIUM
xiebruce/picuploader < 2024-02-13 - Cross-Site Scripting via OnedriveRedirect.php error_description Parameter
CVSS 6.1
CVE-2024-44793 MEDIUM
Gazelle < 2016-11-08 - Cross-Site Scripting via Torrents Parameter
CVSS 6.1
CVE-2024-42906 MEDIUM
TestLink < 1.9.20 - Cross-Site Scripting via File Upload Pop-up
CVSS 6.1
CVE-2024-45265 CRITICAL
SkySystem Arfa-CMS <5.1.3124 - SQL Injection
CVSS 9.8
CVE-2024-8174 MEDIUM
Blood Bank System 1.0 - Cross-Site Scripting via Login Page User Parameter
CVSS 4.3
CVE-2024-42790 MEDIUM
Kashipara Music Management System <1.0 - XSS
CVSS 5.4
CVE-2024-8172 LOW
SourceCodester QR Code Attendance System 1.0 - XSS
CVSS 3.5
CVE-2024-43967 MEDIUM
Stark Digital WP Testimonial Widget < 3.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-42818 MEDIUM
fastapi-admin pro 0.1.4 - Stored Cross-Site Scripting via Config-Create Product Name Parameter
CVSS 6.1
CVE-2024-42816 MEDIUM
fastapi-admin pro 0.1.4 - Stored Cross-Site Scripting via Product Name Parameter
CVSS 6.1
CVE-2024-42791 HIGH
Kashipara Music Management System <v1.0 - CSRF
CVSS 8.8
CVE-2024-42788 MEDIUM
Kashipara Music Management System v1.0 - XSS
CVSS 6.1
CVE-2024-42789 MEDIUM
Kashipara Music Management System <1.0 - XSS
CVSS 6.3
CVE-2024-42787 MEDIUM
Kashipara Music Management System v1.0 - Stored Cross-Site Scripting via Playlist Title and Description Parameters
CVSS 6.1
CVE-2024-38859 MEDIUM
Checkmk < 2.3.0p14, < 2.2.0p33, < 2.1.0p47 - Stored Cross-Site Scripting in SLA Column Title
CVSS 6.1
CVE-2024-43442 MEDIUM
OTRS <7.0.50,8.0,X,2023.X,2024.5.X - XSS
CVSS 4.9
CVE-2024-7313 MEDIUM
Shield Security < 20.0.6 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-6879 MEDIUM
Quiz and Survey Master < 9.1.1 - Stored Cross-Site Scripting in Quiz Fields
CVSS 4.7
CVE-2024-8154 LOW
SourceCodester QR Code Bookmark System 1.0 - XSS
CVSS 3.5
CVE-2024-8153 LOW
SourceCodester QR Code Bookmark System 1.0 - XSS
CVSS 3.5
CVE-2024-8152 LOW
SourceCodester QR Code Bookmark System 1.0 - XSS
CVSS 3.5
CVE-2024-8151 LOW
SourceCodester Interactive Map 1.0 - XSS
CVSS 3.5
Details
Vulnerabilities 45,468
Exploit Likelihood High