CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,468 vulnerabilities with CWE-79
CVE-2024-43238 HIGH
weDevs weMail <= 1.14.5 - DOM-Based Cross-Site Scripting
CVSS 7.1
CVE-2024-39666 MEDIUM
WooCommerce < 9.1.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-43353 MEDIUM
myCred <= 2.7.2 - Cross-Site Scripting
CVSS 6.5
CVE-2024-7901 LOW
Scada-LTS 2.7.8 - Cross-Site Scripting in Message Handler
CVSS 3.5
CVE-2024-7900 LOW
TpMeCMS 1.3.3.2 - Cross-Site Scripting in Basic Configuration Handler
CVSS 2.4
CVE-2024-7703 MEDIUM
ARMember - Membership Plugin < 4.0.37 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-43009 MEDIUM
ZZCMS < 2023 - Reflected Cross-Site Scripting via HTTP_REFERER Header
CVSS 4.7
CVE-2024-43006 MEDIUM
ZZCMS2023 - Stored Cross-Site Scripting in ask/show.php via Content Parameter
CVSS 5.4
CVE-2024-43005 MEDIUM
ZZCMS v2023 - Reflected Cross-Site Scripting via dl_liuyan_save.php
CVSS 4.7
CVE-2024-42758 MEDIUM
Dokuwiki indexmenu plugin v2024-01-05 - XSS
CVSS 5.4
CVE-2024-25837 MEDIUM
October CMS Bloghub Plugin < 1.3.8 - Stored Cross-Site Scripting in Comments Section
CVSS 5.4
CVE-2024-43810 MEDIUM
JetBrains TeamCity < 2024.07.1 - Reflected Cross-Site Scripting in AWS Core Plugin
CVSS 4.6
CVE-2024-43809 LOW
JetBrains TeamCity < 2024.07.1 - Reflected Cross-Site Scripting on agentPushPreset Page
CVSS 3.5
CVE-2024-43808 LOW
JetBrains TeamCity < 2024.07.1 - Self Cross-Site Scripting in HashiCorp Vault Plugin
CVSS 3.7
CVE-2024-43807 MEDIUM
JetBrains TeamCity < 2024.07.1 - Stored Cross-Site Scripting on Clouds Page
CVSS 4.6
CVE-2024-43381 MEDIUM
reNgine < 2.1.3 - Stored Cross-Site Scripting via DNS Record Processing
CVSS 5.0
CVE-2024-7144 MEDIUM
JetElements < 2.6.20 - Authenticated Stored Cross-Site Scripting via id and slide_id Parameters
CVSS 6.4
CVE-2024-7147 MEDIUM
JetBlocks for Elementor <1.3.12 - XSS
CVSS 6.4
CVE-2024-7136 MEDIUM
JetSearch <= 3.5.2 - Authenticated Stored Cross-Site Scripting via ID Parameter
CVSS 6.4
CVE-2024-7301 HIGH
WordPress File Upload <= 4.24.8 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 7.2
CVE-2024-7852 LOW
Yoga Class Registration System 1.0 - Cross-Site Scripting in View Inquiry Page
CVSS 3.5
CVE-2024-43370 HIGH
gettext.js < 2.0.3 - Cross-Site Scripting via Corrupted .po Dictionary Files
CVSS 7.2
CVE-2024-43369 HIGH
ibexa/fieldtype-richtext 4.6.0-4.6.9 - Authenticated Stored Cross-Site Scripting via Link Protocol Bypass
CVSS 7.2
CVE-2024-7844 LOW
Online Graduate Tracer System 1.0 - Cross-Site Scripting via add_acc.php name/user/position Parameter
CVSS 3.5
CVE-2024-27729 MEDIUM
Friendica 2023.12 - Cross-Site Scripting via Calendar Event Location Parameter
CVSS 6.1
Details
Vulnerabilities 45,468
Exploit Likelihood High