CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,472 vulnerabilities with CWE-79
CVE-2024-41613 MEDIUM
Symphony CMS 2.7.10 - Stored Cross-Site Scripting via Note Editing
CVSS 5.4
CVE-2024-5849 HIGH
pepperl-fuchs Firmware - Unauthenticated Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-38502 HIGH
Pepperl-fuchs Multiple Firmware Products - Stored XSS
CVSS 7.1
CVE-2024-38501 MEDIUM
Pepperl+Fuchs ICDM-RX TCP SocketServer Firmware < 11.65 - Unauthenticated HTML Injection
CVSS 6.1
CVE-2024-41774 MEDIUM
IBM Common Licensing 9.0 - Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-38752 MEDIUM
Zoho Campaigns <= 2.0.8 - Cross-Site Scripting
CVSS 6.5
CVE-2024-38724 HIGH
Contact Form 7 Summary and Print <1.2.5 - XSS
CVSS 7.1
CVE-2024-2259 MEDIUM
InstaRISPACS 3.0.0-4.0.0 Build 29 and 5.0.0 Build 19 - Reflected Cross-Site Scripting via LoginTo Parameter
CVE-2024-7247 MEDIUM
Element Pack Elementor Addons <= 5.7.2 - Authenticated Stored XSS via Custom Gallery and Countdown Widgets
CVSS 6.4
CVE-2024-6724 MEDIUM
Generate Images WordPress <5.2.8 - XSS
CVSS 4.8
CVE-2024-7092 MEDIUM
Essential Addons for Elementor < 5.9.27 - Authenticated Stored Cross-Site Scripting via no_more_items_text Parameter
CVSS 6.4
CVE-2024-41735 MEDIUM
SAP Commerce Backoffice - Cross-Site Scripting
CVSS 5.4
CVE-2024-7388 MEDIUM
WP Bannerize Pro <= 1.9.0 - Authenticated Stored Cross-Site Scripting via Banner Alt Data
CVSS 4.0
CVE-2024-7709 MEDIUM
OcoMon 4.0RC1/4.0/5.0RC1 - Cross-Site Scripting in URL Handler
CVSS 4.3
CVE-2024-43150 MEDIUM
Xpro Elementor Addons <1.4.4.2 - XSS
CVSS 6.5
CVE-2024-43149 MEDIUM
CM Tooltip Glossary < 4.3.7 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-43148 MEDIUM
bPlugins StreamCast <= 2.2.3 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-43147 MEDIUM
Selection Lite <= 1.11 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-43139 MEDIUM
Antoine Hurkmans Football Pool <2.11.9 - XSS
CVSS 6.5
CVE-2024-43137 MEDIUM
WappPress < 6.0.4 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-43133 MEDIUM
Themify Themify Shortcodes <2.1.1 - XSS
CVSS 6.5
CVE-2024-43130 MEDIUM
Antoine Hurkmans Football Pool <2.11.10 - XSS
CVSS 5.9
CVE-2024-43127 HIGH
WPFactory Products, Order & Customers Export - WooCommerce <2.0.11 ...
CVSS 7.1
CVE-2024-43126 HIGH
Sender - Newsletter, SMS and Email Marketing Automation for WooCommerce < 2.6.14 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-43125 MEDIUM
WP Table Builder < 1.4.15 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities 45,472
Exploit Likelihood High