Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,506 vulnerabilities with CWE-94

CVE-2024-12991 LOW

DBShop 3.3 Release 231225 - Cross-Site Scripting via orderStatus Parameter

CVE-2024-12983 LOW

Hospital Management System 1.0 - Cross-Site Scripting via Doctor Name Parameter

CVE-2024-12982 LOW

PHPGurukul Blood Bank & Donor Management System 2.4 - Cross-Site Scripting via Address Parameter

CVE-2024-12980 MEDIUM

Job Recruitment 1.0 - Cross-Site Scripting via fname/lname Argument in fln_update Function

CVE-2024-12979 MEDIUM

Job Recruitment 1.0 - Cross-Site Scripting via cname Argument in cn_update Function

CVE-2024-54907 HIGH

TOTOLINK A3002R V4.0.0-B20230531.1404 - Remote Code Execution via formWsc

CVE-2024-12908 MEDIUM

Delinea Secret Server < 11.9.000006 - Remote Code Execution via Protocol Handler URI Normalization Bypass

CVE-2024-12952 MEDIUM

melMass comfy_mtb <0.1.4 - Code Injection

CVE-2024-12933 LOW

code-projects Simple Admin Panel 1.0 - Cross-Site Scripting via updateItemController.php p_name/p_desc Parameters

CVE-2024-12652 HIGH

SmartRobot's Conversational AI Platform <7.2.0 - Code Injection

CVE-2024-12932 LOW

code-projects Simple Admin Panel 1.0 - Cross-Site Scripting via addSizeController.php Size Argument

CVE-2024-12930 LOW

code-projects Simple Admin Panel 1.0 - Cross-Site Scripting via c_name Parameter in addCatController.php

CVE-2024-12900 MEDIUM

FoxCMS < 1.2 - Remote Code Injection via Database Password Parameter

CVE-2024-12893 LOW

Portabilis i-educar < 2.9 - Stored Cross-Site Scripting via Tipo de Usurio Page

CVE-2024-12892 LOW

Online Exam Mastering System 1.0 - Cross-Site Scripting via sign.php name/gender/college Parameters

CVE-2024-12883 MEDIUM

Job Recruitment 1.0 - Cross-Site Scripting via Email Parameter in _email.php

CVE-2024-11977 HIGH

kk Star Ratings - WordPress <=5.4.10 - RCE

CVE-2024-12846 MEDIUM

emlog < 2.4.1 - Cross-Site Scripting via /admin/link.php siteurl/icon Parameter

CVE-2024-12845 LOW

emlog < 2.4.1 - Cross-Site Scripting via msg Argument in common.php

CVE-2024-56334 HIGH

systeminformation < 5.23.7 - OS Command Injection via SSID Parameter in getWindowsIEEE8021x

CVE-2024-12844 MEDIUM

emlog < 2.4.1 - Cross-Site Scripting via /admin/store.php Tag Parameter

CVE-2024-12843 MEDIUM

emlog < 2.4.1 - Cross-Site Scripting via /admin/plugin.php filter Parameter

CVE-2024-56333 CRITICAL

Onyxia-API <4.2.0-<2.8.2 - Authenticated RCE

CVE-2024-12842 MEDIUM

emlog < 2.4.1 - Cross-Site Scripting via /admin/user.php Keyword Parameter

CVE-2024-12841 MEDIUM

emlog < 2.4.1 - Cross-Site Scripting via /admin/tag.php Keyword Parameter

Previous Page 93 of 261 Next

Details

Vulnerabilities 6,506

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy