CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,477 vulnerabilities with CWE-79
CVE-2024-43359
NONE
ZoneMinder < 1.36.34 - Cross-Site Scripting via Montagereview Parameters
CVE-2024-43358
MEDIUM
ZoneMinder < 1.36.34 - Cross-Site Scripting via Filter View Id Parameter
CVSS 6.1
CVE-2024-43233
HIGH
BannerSky BSK Forms Blacklist <3.8 - XSS
CVSS 7.1
CVE-2024-43231
MEDIUM
Themeum Tutor LMS <= 2.7.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-43227
MEDIUM
WPDeveloper BetterDocs <3.5.8 - XSS
CVSS 6.5
CVE-2024-40500
HIGH
Martin Kucej i-librarian <5.11.0 - XSS
CVSS 8.6
CVE-2024-33536
MEDIUM
Zimbra Collaboration 9.0-10.0 < 10.0.8 - Authenticated Stored Cross-Site Scripting via res Parameter
CVSS 5.4
CVE-2024-33533
MEDIUM
Zimbra Collaboration 9.0-10.0 - Authenticated Reflected Cross-Site Scripting via Packages Parameter
CVSS 5.4
CVE-2024-27443
MEDIUM
KEV
Zimbra Collaboration - Cross-Site Scripting (XSS)
CVSS 6.1
CVE-2024-21550
MEDIUM
steve < 3.5.1 - Stored Cross-Site Scripting via WebSocket Input
CVSS 6.1
CVE-2024-6639
MEDIUM
MDx <= 2.0.3 - Authenticated Stored Cross-Site Scripting via mdx_list_item Shortcode
CVSS 6.4
CVE-2024-7686
LOW
Kortex Lite Advocate Office Management System 1.0 - Cross-Site Scripting via register_case.php
CVSS 3.5
CVE-2024-7685
LOW
SourceCodester Kortex Lite Advocate Office Management System 1.0 - Cross-Site Scripting
CVSS 3.5
CVE-2024-7684
LOW
SourceCodester Kortex Lite Advocate Office Management System 1.0 - Cross-Site Scripting via add_act.php aname Parameter
CVSS 3.5
CVE-2024-7683
LOW
SourceCodester Kortex Lite Advocate Office Management System 1.0 - XSS via addcase_stage.php cname
CVSS 3.5
CVE-2024-7678
LOW
SourceCodester Car Driving School Management System 1.0 - Cross-Site Scripting via Master.php Package Parameters
CVSS 3.5
CVE-2024-7677
LOW
Car Driving School Management System 1.0 - Cross-Site Scripting via System Settings Update
CVSS 3.5
CVE-2024-7660
LOW
File Manager App 1.0 - Cross-Site Scripting via File Title/Uploaded By Parameter
CVSS 3.5
CVE-2024-7657
LOW
Gila CMS 1.10.9 - Cross-Site Scripting via HTTP POST Request Handler
CVSS 3.5
CVE-2024-7649
MEDIUM
Opal Membership <= 1.2.4 - Unauthenticated Stored Cross-Site Scripting via Checkout Form Fields
CVSS 6.1
CVE-2024-7644
LOW
SourceCodester Leads Manager Tool 1.0 - Cross-Site Scripting via Add Leads Handler
CVSS 3.5
CVE-2024-7512
MEDIUM
Concrete CMS 9.0.0-9.3.2 - Stored Cross-Site Scripting in Board Instances
CVSS 4.8
CVE-2024-6692
LOW
Easy Digital Downloads <3.3.2 - XSS
CVSS 3.3
CVE-2024-6691
MEDIUM
Easy Digital Downloads <3.3.2 - XSS
CVSS 4.4
CVE-2024-6158
MEDIUM
WordPress Plugin <4.9.17-4.9.13 - XSS
CVSS 4.8
Details
Vulnerabilities
45,477
Exploit Likelihood
High