CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,468 vulnerabilities with CWE-79
CVE-2024-8113
MEDIUM
pretix < 2024.7.0 - Stored Cross-Site Scripting in Organizer and Event Settings
CVSS 5.4
CVE-2024-8112
MEDIUM
JeeSite 5.3 - Cross-Site Scripting via SkinName Parameter in Cookie Handler
CVSS 4.3
CVE-2024-41150
MEDIUM
ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus < 14.7 - Stored XSS in Request Module
CVSS 6.3
CVE-2024-38869
HIGH
ManageEngine Endpoint Central < 11.3.2416.04 & < 11.3.2400.25 - Incorrect Authorization
CVSS 8.3
CVE-2024-5502
MEDIUM
Piotnet Addons For Elementor <= 2.4.30 - Authenticated Stored XSS via Widgets
CVSS 6.4
CVE-2024-3282
MEDIUM
WP Table Builder < 1.5.0 - Authenticated Stored Cross-Site Scripting in Table Data
CVSS 4.8
CVE-2024-38208
MEDIUM
Microsoft Edge < 128.0.2739.42 - Spoofing
CVSS 6.1
CVE-2024-8084
LOW
SourceCodester Online Computer and Laptop Store 1.0 - XSS
CVSS 2.4
CVE-2024-42763
MEDIUM
Kashipara Bus Ticket Reservation System v1.0 - XSS
CVSS 5.4
CVE-2024-42762
MEDIUM
Kashipara Bus Ticket Reservation System v1.0 - XSS
CVSS 5.4
CVE-2024-42761
MEDIUM
Kashipara Bus Ticket Reservation System v1.0 - XSS
CVSS 6.1
CVE-2024-42771
MEDIUM
Kashipara Hotel Management System v1.0 - XSS
CVSS 4.8
CVE-2024-42770
MEDIUM
Kashipara Hotel Management System <1.0 - XSS
CVSS 4.7
CVE-2024-42769
MEDIUM
Kashipara Hotel Management System v1.0 - XSS
CVSS 6.1
CVE-2024-7778
MEDIUM
Orbit Fox by ThemeIsle <= 2.10.36 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-6870
MEDIUM
Responsive Lightbox & Gallery <2.4.7 - XSS
CVSS 6.4
CVE-2024-5583
MEDIUM
Plus Addons for Elementor < 5.6.3 - Authenticated Stored XSS via Testimonial Carousel
CVSS 6.4
CVE-2024-8035
MEDIUM
Google Chrome < 128.0.6613.84 - UI Spoofing via Crafted HTML Page
CVSS 4.3
CVE-2024-7976
MEDIUM
Google Chrome < 128.0.6613.84 - UI Spoofing via FedCM
CVSS 4.3
CVE-2024-41572
MEDIUM
Learning with Texts 2.0.3 - Unauthenticated Stored Cross-Site Scripting via URL Parameter
CVSS 6.1
CVE-2024-20488
MEDIUM
Cisco Unified Communications Manager - Unauthenticated Stored Cross-Site Scripting via Web Interface
CVSS 6.1
CVE-2024-42550
MEDIUM
Mini Inventory <commit 18aa3d - XSS
CVSS 5.4
CVE-2024-43411
LOW
CKEditor4 4.22.0-4.25.0 - Cross-Site Scripting via Version Notification Feature
CVSS 3.1
CVE-2024-41937
MEDIUM
Apache Airflow < 2.10.0 - Stored Cross-Site Scripting via Provider Documentation Link
CVSS 6.1
CVE-2024-21690
HIGH
Atlassian Confluence Data Center < 7.19.25 - XSS
CVSS 8.2
Details
Vulnerabilities
45,468
Exploit Likelihood
High