CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,468 vulnerabilities with CWE-79
CVE-2024-8113 MEDIUM
pretix < 2024.7.0 - Stored Cross-Site Scripting in Organizer and Event Settings
CVSS 5.4
CVE-2024-8112 MEDIUM
JeeSite 5.3 - Cross-Site Scripting via SkinName Parameter in Cookie Handler
CVSS 4.3
CVE-2024-41150 MEDIUM
ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus < 14.7 - Stored XSS in Request Module
CVSS 6.3
CVE-2024-38869 HIGH
ManageEngine Endpoint Central < 11.3.2416.04 & < 11.3.2400.25 - Incorrect Authorization
CVSS 8.3
CVE-2024-5502 MEDIUM
Piotnet Addons For Elementor <= 2.4.30 - Authenticated Stored XSS via Widgets
CVSS 6.4
CVE-2024-3282 MEDIUM
WP Table Builder < 1.5.0 - Authenticated Stored Cross-Site Scripting in Table Data
CVSS 4.8
CVE-2024-38208 MEDIUM
Microsoft Edge < 128.0.2739.42 - Spoofing
CVSS 6.1
CVE-2024-8084 LOW
SourceCodester Online Computer and Laptop Store 1.0 - XSS
CVSS 2.4
CVE-2024-42763 MEDIUM
Kashipara Bus Ticket Reservation System v1.0 - XSS
CVSS 5.4
CVE-2024-42762 MEDIUM
Kashipara Bus Ticket Reservation System v1.0 - XSS
CVSS 5.4
CVE-2024-42761 MEDIUM
Kashipara Bus Ticket Reservation System v1.0 - XSS
CVSS 6.1
CVE-2024-42771 MEDIUM
Kashipara Hotel Management System v1.0 - XSS
CVSS 4.8
CVE-2024-42770 MEDIUM
Kashipara Hotel Management System <1.0 - XSS
CVSS 4.7
CVE-2024-42769 MEDIUM
Kashipara Hotel Management System v1.0 - XSS
CVSS 6.1
CVE-2024-7778 MEDIUM
Orbit Fox by ThemeIsle <= 2.10.36 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-6870 MEDIUM
Responsive Lightbox & Gallery <2.4.7 - XSS
CVSS 6.4
CVE-2024-5583 MEDIUM
Plus Addons for Elementor < 5.6.3 - Authenticated Stored XSS via Testimonial Carousel
CVSS 6.4
CVE-2024-8035 MEDIUM
Google Chrome < 128.0.6613.84 - UI Spoofing via Crafted HTML Page
CVSS 4.3
CVE-2024-7976 MEDIUM
Google Chrome < 128.0.6613.84 - UI Spoofing via FedCM
CVSS 4.3
CVE-2024-41572 MEDIUM
Learning with Texts 2.0.3 - Unauthenticated Stored Cross-Site Scripting via URL Parameter
CVSS 6.1
CVE-2024-20488 MEDIUM
Cisco Unified Communications Manager - Unauthenticated Stored Cross-Site Scripting via Web Interface
CVSS 6.1
CVE-2024-42550 MEDIUM
Mini Inventory <commit 18aa3d - XSS
CVSS 5.4
CVE-2024-43411 LOW
CKEditor4 4.22.0-4.25.0 - Cross-Site Scripting via Version Notification Feature
CVSS 3.1
CVE-2024-41937 MEDIUM
Apache Airflow < 2.10.0 - Stored Cross-Site Scripting via Provider Documentation Link
CVSS 6.1
CVE-2024-21690 HIGH
Atlassian Confluence Data Center < 7.19.25 - XSS
CVSS 8.2
Details
Vulnerabilities 45,468
Exploit Likelihood High