CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,477 vulnerabilities with CWE-79
CVE-2024-43359 NONE
ZoneMinder < 1.36.34 - Cross-Site Scripting via Montagereview Parameters
CVE-2024-43358 MEDIUM
ZoneMinder < 1.36.34 - Cross-Site Scripting via Filter View Id Parameter
CVSS 6.1
CVE-2024-43233 HIGH
BannerSky BSK Forms Blacklist <3.8 - XSS
CVSS 7.1
CVE-2024-43231 MEDIUM
Themeum Tutor LMS <= 2.7.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-43227 MEDIUM
WPDeveloper BetterDocs <3.5.8 - XSS
CVSS 6.5
CVE-2024-40500 HIGH
Martin Kucej i-librarian <5.11.0 - XSS
CVSS 8.6
CVE-2024-33536 MEDIUM
Zimbra Collaboration 9.0-10.0 < 10.0.8 - Authenticated Stored Cross-Site Scripting via res Parameter
CVSS 5.4
CVE-2024-33533 MEDIUM
Zimbra Collaboration 9.0-10.0 - Authenticated Reflected Cross-Site Scripting via Packages Parameter
CVSS 5.4
CVE-2024-27443 MEDIUM KEV
Zimbra Collaboration - Cross-Site Scripting (XSS)
CVSS 6.1
CVE-2024-21550 MEDIUM
steve < 3.5.1 - Stored Cross-Site Scripting via WebSocket Input
CVSS 6.1
CVE-2024-6639 MEDIUM
MDx <= 2.0.3 - Authenticated Stored Cross-Site Scripting via mdx_list_item Shortcode
CVSS 6.4
CVE-2024-7686 LOW
Kortex Lite Advocate Office Management System 1.0 - Cross-Site Scripting via register_case.php
CVSS 3.5
CVE-2024-7685 LOW
SourceCodester Kortex Lite Advocate Office Management System 1.0 - Cross-Site Scripting
CVSS 3.5
CVE-2024-7684 LOW
SourceCodester Kortex Lite Advocate Office Management System 1.0 - Cross-Site Scripting via add_act.php aname Parameter
CVSS 3.5
CVE-2024-7683 LOW
SourceCodester Kortex Lite Advocate Office Management System 1.0 - XSS via addcase_stage.php cname
CVSS 3.5
CVE-2024-7678 LOW
SourceCodester Car Driving School Management System 1.0 - Cross-Site Scripting via Master.php Package Parameters
CVSS 3.5
CVE-2024-7677 LOW
Car Driving School Management System 1.0 - Cross-Site Scripting via System Settings Update
CVSS 3.5
CVE-2024-7660 LOW
File Manager App 1.0 - Cross-Site Scripting via File Title/Uploaded By Parameter
CVSS 3.5
CVE-2024-7657 LOW
Gila CMS 1.10.9 - Cross-Site Scripting via HTTP POST Request Handler
CVSS 3.5
CVE-2024-7649 MEDIUM
Opal Membership <= 1.2.4 - Unauthenticated Stored Cross-Site Scripting via Checkout Form Fields
CVSS 6.1
CVE-2024-7644 LOW
SourceCodester Leads Manager Tool 1.0 - Cross-Site Scripting via Add Leads Handler
CVSS 3.5
CVE-2024-7512 MEDIUM
Concrete CMS 9.0.0-9.3.2 - Stored Cross-Site Scripting in Board Instances
CVSS 4.8
CVE-2024-6692 LOW
Easy Digital Downloads <3.3.2 - XSS
CVSS 3.3
CVE-2024-6691 MEDIUM
Easy Digital Downloads <3.3.2 - XSS
CVSS 4.4
CVE-2024-6158 MEDIUM
WordPress Plugin <4.9.17-4.9.13 - XSS
CVSS 4.8
Details
Vulnerabilities 45,477
Exploit Likelihood High