CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,468 vulnerabilities with CWE-79
CVE-2024-43407 MEDIUM
CKEditor4 < 4.25.0 - Reflected Cross-Site Scripting via GeSHi Code Snippet Plugin
CVSS 6.1
CVE-2024-41675 MEDIUM
CKAN 2.7.0-2.10.4 - Cross-Site Scripting in Datatables View Plugin
CVSS 6.8
CVE-2024-6339 MEDIUM
Phlox PRO <= 5.16.4 - Reflected Cross-Site Scripting via Search Parameters
CVSS 6.1
CVE-2024-7629 MEDIUM
Responsive video < 1.0 - Authenticated Stored Cross-Site Scripting via Video Settings Function
CVSS 6.4
CVE-2024-7134 HIGH
LiquidPoll <= 3.3.78 - Unauthenticated Stored XSS via form_data
CVSS 7.2
CVE-2024-7090 MEDIUM
WordPress LH Add Media From Url <1.23 - XSS
CVSS 6.1
CVE-2024-6767 MEDIUM
WordSurvey <= 3.2 - Authenticated Stored Cross-Site Scripting via sounding_title Parameter
CVSS 5.5
CVE-2024-42939 MEDIUM
YZNCMS 1.4.2 - Stored Cross-Site Scripting via Remarks Text Field
CVSS 5.4
CVE-2024-8022 LOW
Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05 - XSS
CVSS 3.5
CVE-2024-43396 MEDIUM
khoj < 1.15.0 - Stored Cross-Site Scripting via Automation Task Instructions
CVSS 5.4
CVE-2024-41658 MEDIUM
Casdoor <= 1.577.0 - Reflected Cross-Site Scripting via WechatPay QR Code successUrl Parameter
CVSS 6.1
CVE-2024-43408 MEDIUM
discourse-placeholder-theme-component - Stored Cross-Site Scripting via Unsanitized User Input
CVSS 6.3
CVE-2024-40743 MEDIUM
Joomla! 3.0.0 through 3.10.17 and 4.0.0 through 4.4.6 - Cross-Site Scripting
CVSS 6.1
CVE-2024-27186 MEDIUM
Joomla! 4.0.0-4.4.6 - Stored Cross-Site Scripting in HTML Mail Templates
CVSS 6.1
CVE-2024-35540 CRITICAL
Typecho 1.3.0 - Stored Cross-Site Scripting
CVSS 9.0
CVE-2024-6379 HIGH
3DEXPERIENCE R2022x-R2024x - Reflected Cross-Site Scripting
CVSS 7.7
CVE-2024-6378 HIGH
ENOVIA Collaborative Industry Innovator - XSS
CVSS 8.7
CVE-2024-39094 MEDIUM
Friendica 2024.03 - Stored Cross-Site Scripting via Profile Settings Parameters
CVSS 5.4
CVE-2024-42560 MEDIUM
Blood Bank And Donation Management System - XSS
CVSS 6.1
CVE-2024-42335 MEDIUM
7-twenty bot - Cross-Site Scripting
CVSS 5.4
CVE-2024-41697 MEDIUM
Priority < 24.0 - Cross-Site Scripting
CVSS 6.1
CVE-2024-7054 MEDIUM
Popup Maker < 1.19.0 - Authenticated Stored Cross-Site Scripting via Close Text Parameter
CVSS 6.4
CVE-2024-5576 MEDIUM
Tutor LMS Elementor Addons <= 2.1.4 - Authenticated Stored Cross-Site Scripting via Course Carousel Skin Attribute
CVSS 6.4
CVE-2024-6864 MEDIUM
WP Last Modified Info <= 1.9.0 - Authenticated Stored Cross-Site Scripting via Shortcode Template Attribute
CVSS 6.4
CVE-2024-7775 MEDIUM
Contact Form by Bit Form 2.0-2.13.9 - Authenticated Arbitrary JavaScript File Upload via addCustomCode Function
CVSS 5.5
Details
Vulnerabilities 45,468
Exploit Likelihood High