CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,468 vulnerabilities with CWE-79
CVE-2024-43238
HIGH
weDevs weMail <= 1.14.5 - DOM-Based Cross-Site Scripting
CVSS 7.1
CVE-2024-39666
MEDIUM
WooCommerce < 9.1.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-43353
MEDIUM
myCred <= 2.7.2 - Cross-Site Scripting
CVSS 6.5
CVE-2024-7901
LOW
Scada-LTS 2.7.8 - Cross-Site Scripting in Message Handler
CVSS 3.5
CVE-2024-7900
LOW
TpMeCMS 1.3.3.2 - Cross-Site Scripting in Basic Configuration Handler
CVSS 2.4
CVE-2024-7703
MEDIUM
ARMember - Membership Plugin < 4.0.37 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-43009
MEDIUM
ZZCMS < 2023 - Reflected Cross-Site Scripting via HTTP_REFERER Header
CVSS 4.7
CVE-2024-43006
MEDIUM
ZZCMS2023 - Stored Cross-Site Scripting in ask/show.php via Content Parameter
CVSS 5.4
CVE-2024-43005
MEDIUM
ZZCMS v2023 - Reflected Cross-Site Scripting via dl_liuyan_save.php
CVSS 4.7
CVE-2024-42758
MEDIUM
Dokuwiki indexmenu plugin v2024-01-05 - XSS
CVSS 5.4
CVE-2024-25837
MEDIUM
October CMS Bloghub Plugin < 1.3.8 - Stored Cross-Site Scripting in Comments Section
CVSS 5.4
CVE-2024-43810
MEDIUM
JetBrains TeamCity < 2024.07.1 - Reflected Cross-Site Scripting in AWS Core Plugin
CVSS 4.6
CVE-2024-43809
LOW
JetBrains TeamCity < 2024.07.1 - Reflected Cross-Site Scripting on agentPushPreset Page
CVSS 3.5
CVE-2024-43808
LOW
JetBrains TeamCity < 2024.07.1 - Self Cross-Site Scripting in HashiCorp Vault Plugin
CVSS 3.7
CVE-2024-43807
MEDIUM
JetBrains TeamCity < 2024.07.1 - Stored Cross-Site Scripting on Clouds Page
CVSS 4.6
CVE-2024-43381
MEDIUM
reNgine < 2.1.3 - Stored Cross-Site Scripting via DNS Record Processing
CVSS 5.0
CVE-2024-7144
MEDIUM
JetElements < 2.6.20 - Authenticated Stored Cross-Site Scripting via id and slide_id Parameters
CVSS 6.4
CVE-2024-7147
MEDIUM
JetBlocks for Elementor <1.3.12 - XSS
CVSS 6.4
CVE-2024-7136
MEDIUM
JetSearch <= 3.5.2 - Authenticated Stored Cross-Site Scripting via ID Parameter
CVSS 6.4
CVE-2024-7301
HIGH
WordPress File Upload <= 4.24.8 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 7.2
CVE-2024-7852
LOW
Yoga Class Registration System 1.0 - Cross-Site Scripting in View Inquiry Page
CVSS 3.5
CVE-2024-43370
HIGH
gettext.js < 2.0.3 - Cross-Site Scripting via Corrupted .po Dictionary Files
CVSS 7.2
CVE-2024-43369
HIGH
ibexa/fieldtype-richtext 4.6.0-4.6.9 - Authenticated Stored Cross-Site Scripting via Link Protocol Bypass
CVSS 7.2
CVE-2024-7844
LOW
Online Graduate Tracer System 1.0 - Cross-Site Scripting via add_acc.php name/user/position Parameter
CVSS 3.5
CVE-2024-27729
MEDIUM
Friendica 2023.12 - Cross-Site Scripting via Calendar Event Location Parameter
CVSS 6.1
Details
Vulnerabilities
45,468
Exploit Likelihood
High