CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,468 vulnerabilities with CWE-79
CVE-2024-27728 MEDIUM
Friendica 2023.12 - Cross-Site Scripting via Babel Debug Text Parameter
CVSS 6.1
CVE-2024-42678 MEDIUM
Super easy enterprise management system <1.0.0 - XSS
CVSS 6.1
CVE-2024-7064 MEDIUM
ElementsKit Pro <= 3.6.5 - Authenticated Stored Cross-Site Scripting via Multiple Parameters
CVSS 6.4
CVE-2024-7815 LOW
CodeAstro Online Railway Reservation System 1.0 - Stored Cross-Site Scripting via Update Employee Page
CVSS 2.4
CVE-2024-7814 LOW
CodeAstro Online Railway Reservation System 1.0 - Stored Cross-Site Scripting via Add Employee Page
CVSS 2.4
CVE-2024-7812 LOW
Best House Rental Management System 1.0 - Stored Cross-Site Scripting via Tenant Last Name Parameter
CVSS 3.5
CVE-2024-6533 MEDIUM
Directus v10.13.0 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-43368 MEDIUM
Trix < 2.1.4 - Cross-Site Scripting via Malicious Paste Bypass
CVSS 6.5
CVE-2024-7793 LOW
SourceCodester Task Progress Tracker 1.0 - Cross-Site Scripting via task_name Parameter
CVSS 3.5
CVE-2024-7790 MEDIUM
DevikaAI >= 2024-06-08 - Stored Cross-Site Scripting via Improperly Decoded User Input
CVSS 6.5
CVE-2024-39403 HIGH
Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier - Stored Cross-Site Scripting in Form Fields
CVSS 7.6
CVE-2024-39400 HIGH
Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier - DOM-based Cross-Site Scripting
CVSS 8.1
CVE-2024-6532 MEDIUM
Sheet to Table Live Sync <1.0.1 - XSS
CVSS 6.4
CVE-2024-7588 MEDIUM
Gutenberg Blocks, Page Builder - ComboBlocks <= 2.2.87 - Authenticated Stored Cross-Site Scripting via Accordion Block
CVSS 6.4
CVE-2024-7752 LOW
Clinic's Patient Management System 1.0 - Cross-Site Scripting via Medicine Name Parameter
CVSS 3.5
CVE-2024-7749 LOW
SourceCodester Accounts Manager App 1.0 - Cross-Site Scripting via account_name Parameter
CVSS 3.5
CVE-2024-7739 MEDIUM
yzane markdown_pdf 1.5.0 - Cross-Site Scripting
CVSS 4.3
CVE-2024-7733 LOW
FastCMS < 0.1.5 - Cross-Site Scripting in New Article Category Page
CVSS 3.5
CVE-2024-38211 HIGH
Microsoft Dynamics 365 (on-premises) - XSS
CVSS 8.2
CVE-2024-38108 CRITICAL
Azure Stack Hub < 1.2311.1.22 - Spoofing
CVSS 9.3
CVE-2024-41614 MEDIUM
Symphony CMS <= 2.7.10 - Cross-Site Scripting in Comment Component
CVSS 4.8
CVE-2024-41613 MEDIUM
Symphony CMS 2.7.10 - Stored Cross-Site Scripting via Note Editing
CVSS 5.4
CVE-2024-5849 HIGH
pepperl-fuchs Firmware - Unauthenticated Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-38502 HIGH
Pepperl-fuchs Multiple Firmware Products - Stored XSS
CVSS 7.1
CVE-2024-38501 MEDIUM
Pepperl+Fuchs ICDM-RX TCP SocketServer Firmware < 11.65 - Unauthenticated HTML Injection
CVSS 6.1
Details
Vulnerabilities 45,468
Exploit Likelihood High