CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,468 vulnerabilities with CWE-79
CVE-2024-27728
MEDIUM
Friendica 2023.12 - Cross-Site Scripting via Babel Debug Text Parameter
CVSS 6.1
CVE-2024-42678
MEDIUM
Super easy enterprise management system <1.0.0 - XSS
CVSS 6.1
CVE-2024-7064
MEDIUM
ElementsKit Pro <= 3.6.5 - Authenticated Stored Cross-Site Scripting via Multiple Parameters
CVSS 6.4
CVE-2024-7815
LOW
CodeAstro Online Railway Reservation System 1.0 - Stored Cross-Site Scripting via Update Employee Page
CVSS 2.4
CVE-2024-7814
LOW
CodeAstro Online Railway Reservation System 1.0 - Stored Cross-Site Scripting via Add Employee Page
CVSS 2.4
CVE-2024-7812
LOW
Best House Rental Management System 1.0 - Stored Cross-Site Scripting via Tenant Last Name Parameter
CVSS 3.5
CVE-2024-6533
MEDIUM
Directus v10.13.0 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-43368
MEDIUM
Trix < 2.1.4 - Cross-Site Scripting via Malicious Paste Bypass
CVSS 6.5
CVE-2024-7793
LOW
SourceCodester Task Progress Tracker 1.0 - Cross-Site Scripting via task_name Parameter
CVSS 3.5
CVE-2024-7790
MEDIUM
DevikaAI >= 2024-06-08 - Stored Cross-Site Scripting via Improperly Decoded User Input
CVSS 6.5
CVE-2024-39403
HIGH
Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier - Stored Cross-Site Scripting in Form Fields
CVSS 7.6
CVE-2024-39400
HIGH
Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier - DOM-based Cross-Site Scripting
CVSS 8.1
CVE-2024-6532
MEDIUM
Sheet to Table Live Sync <1.0.1 - XSS
CVSS 6.4
CVE-2024-7588
MEDIUM
Gutenberg Blocks, Page Builder - ComboBlocks <= 2.2.87 - Authenticated Stored Cross-Site Scripting via Accordion Block
CVSS 6.4
CVE-2024-7752
LOW
Clinic's Patient Management System 1.0 - Cross-Site Scripting via Medicine Name Parameter
CVSS 3.5
CVE-2024-7749
LOW
SourceCodester Accounts Manager App 1.0 - Cross-Site Scripting via account_name Parameter
CVSS 3.5
CVE-2024-7739
MEDIUM
yzane markdown_pdf 1.5.0 - Cross-Site Scripting
CVSS 4.3
CVE-2024-7733
LOW
FastCMS < 0.1.5 - Cross-Site Scripting in New Article Category Page
CVSS 3.5
CVE-2024-38211
HIGH
Microsoft Dynamics 365 (on-premises) - XSS
CVSS 8.2
CVE-2024-38108
CRITICAL
Azure Stack Hub < 1.2311.1.22 - Spoofing
CVSS 9.3
CVE-2024-41614
MEDIUM
Symphony CMS <= 2.7.10 - Cross-Site Scripting in Comment Component
CVSS 4.8
CVE-2024-41613
MEDIUM
Symphony CMS 2.7.10 - Stored Cross-Site Scripting via Note Editing
CVSS 5.4
CVE-2024-5849
HIGH
pepperl-fuchs Firmware - Unauthenticated Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-38502
HIGH
Pepperl-fuchs Multiple Firmware Products - Stored XSS
CVSS 7.1
CVE-2024-38501
MEDIUM
Pepperl+Fuchs ICDM-RX TCP SocketServer Firmware < 11.65 - Unauthenticated HTML Injection
CVSS 6.1
Details
Vulnerabilities
45,468
Exploit Likelihood
High