CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,468 vulnerabilities with CWE-79
CVE-2024-43407
MEDIUM
CKEditor4 < 4.25.0 - Reflected Cross-Site Scripting via GeSHi Code Snippet Plugin
CVSS 6.1
CVE-2024-41675
MEDIUM
CKAN 2.7.0-2.10.4 - Cross-Site Scripting in Datatables View Plugin
CVSS 6.8
CVE-2024-6339
MEDIUM
Phlox PRO <= 5.16.4 - Reflected Cross-Site Scripting via Search Parameters
CVSS 6.1
CVE-2024-7629
MEDIUM
Responsive video < 1.0 - Authenticated Stored Cross-Site Scripting via Video Settings Function
CVSS 6.4
CVE-2024-7134
HIGH
LiquidPoll <= 3.3.78 - Unauthenticated Stored XSS via form_data
CVSS 7.2
CVE-2024-7090
MEDIUM
WordPress LH Add Media From Url <1.23 - XSS
CVSS 6.1
CVE-2024-6767
MEDIUM
WordSurvey <= 3.2 - Authenticated Stored Cross-Site Scripting via sounding_title Parameter
CVSS 5.5
CVE-2024-42939
MEDIUM
YZNCMS 1.4.2 - Stored Cross-Site Scripting via Remarks Text Field
CVSS 5.4
CVE-2024-8022
LOW
Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05 - XSS
CVSS 3.5
CVE-2024-43396
MEDIUM
khoj < 1.15.0 - Stored Cross-Site Scripting via Automation Task Instructions
CVSS 5.4
CVE-2024-41658
MEDIUM
Casdoor <= 1.577.0 - Reflected Cross-Site Scripting via WechatPay QR Code successUrl Parameter
CVSS 6.1
CVE-2024-43408
MEDIUM
discourse-placeholder-theme-component - Stored Cross-Site Scripting via Unsanitized User Input
CVSS 6.3
CVE-2024-40743
MEDIUM
Joomla! 3.0.0 through 3.10.17 and 4.0.0 through 4.4.6 - Cross-Site Scripting
CVSS 6.1
CVE-2024-27186
MEDIUM
Joomla! 4.0.0-4.4.6 - Stored Cross-Site Scripting in HTML Mail Templates
CVSS 6.1
CVE-2024-35540
CRITICAL
Typecho 1.3.0 - Stored Cross-Site Scripting
CVSS 9.0
CVE-2024-6379
HIGH
3DEXPERIENCE R2022x-R2024x - Reflected Cross-Site Scripting
CVSS 7.7
CVE-2024-6378
HIGH
ENOVIA Collaborative Industry Innovator - XSS
CVSS 8.7
CVE-2024-39094
MEDIUM
Friendica 2024.03 - Stored Cross-Site Scripting via Profile Settings Parameters
CVSS 5.4
CVE-2024-42560
MEDIUM
Blood Bank And Donation Management System - XSS
CVSS 6.1
CVE-2024-42335
MEDIUM
7-twenty bot - Cross-Site Scripting
CVSS 5.4
CVE-2024-41697
MEDIUM
Priority < 24.0 - Cross-Site Scripting
CVSS 6.1
CVE-2024-7054
MEDIUM
Popup Maker < 1.19.0 - Authenticated Stored Cross-Site Scripting via Close Text Parameter
CVSS 6.4
CVE-2024-5576
MEDIUM
Tutor LMS Elementor Addons <= 2.1.4 - Authenticated Stored Cross-Site Scripting via Course Carousel Skin Attribute
CVSS 6.4
CVE-2024-6864
MEDIUM
WP Last Modified Info <= 1.9.0 - Authenticated Stored Cross-Site Scripting via Shortcode Template Attribute
CVSS 6.4
CVE-2024-7775
MEDIUM
Contact Form by Bit Form 2.0-2.13.9 - Authenticated Arbitrary JavaScript File Upload via addCustomCode Function
CVSS 5.5
Details
Vulnerabilities
45,468
Exploit Likelihood
High