CWE:
 

Risk | Title | Date | Author
Low | Calibre-web 0.6.21 Stored XSS | 17.11.2024 | Pentest-Tools
Low | Booked Scheduler 2.8.5 Cross Site Scripting / Open Redirection | 29.10.2024 | Andrey Stoykov
Low | SofaWiki 3.9.2 Cross Site Scripting | 25.10.2024 | Chokri Hammedi
Low | Book Recording App 2024-09-24 Cross Site Scripting | 07.10.2024 | Arif Ari
Low | SeedDMS 6.0.28 Cross Site Scripting | 02.10.2024 | Marco Nappi
Low | Elaine's Realtime CRM Automation 6.18.17 Cross Site Scripting | 26.09.2024 | Haythem Arfaoui
Low | Elaine's Realtime CRM Automation 6.18.17 Cross Site Scripting | 24.09.2024 | Haythem Arfaoui
Low | FortiSiem 7.1.3 Stored XSS | 08.09.2024 | Ersin Sarisoy
Low | Helpdeskz 2.0.2 Cross Site Scripting | 27.08.2024 | Md. Sadikul Islam
Low | OX App Suite Frontend 7.10.6-rev44 Cross Site Scripting | 26.08.2024 | Martin Heiland
Low | Calibre Web 0.6.21 Cross Site Scripting | 26.08.2024 | Catalin Iovita
Low | WordPress Profilepro 1.3 Cross Site Scripting | 14.08.2024 | Vuln Seeker Cybersecur...
Low | WordPress MapFig Studio 0.2.1 Cross Site Request Forgery / Cross Site Scripting | 14.08.2024 | Vuln Seeker Cybersecur...
Low | WP-UserOnline 2.88.0 Stored Cross Site Scripting (XSS) (Authenticated) | 08.08.2024 | Onur Göğebakan
Med. | ReadyMade Unilevel Ecommerce MLM Blind SQL Injection / Cross Site Scripting | 03.08.2024 | OoN_Boy
Med. | Leads Manager Tool SQL Injection / Cross Site Scripting | 03.08.2024 | OoN_Boy
Med. | Apache mod_proxy_cluster Stored XSS | 16.07.2024 | Anonymous
Low | iMLog < 1.307 Persistent Cross Site Scripting (XSS) | 16.07.2024 | Gabriel Felipe
Low | LumisXP 16.1.x Cross Site Scripting | 11.07.2024 | Rodolfo Tavares
Low | WordPress Photo Gallery 1.8.26 Cross Site Scripting | 10.07.2024 | tmrswrr
Low | ResidenceCMS 2.10.1 Cross Site Scripting | 09.07.2024 | Jeremia Geraldi Sihomb...
Low | Customer Support System 1.0 Stored XSS | 02.07.2024 | Geraldo Alcantara
Low | WordPress WPCode Lite 2.1.14 Cross Site Scripting | 02.07.2024 | tmrswrr
Low | WordPress FooGallery 2.4.16 Cross Site Scripting | 02.07.2024 | tmrswrr
Low | WordPress Gallery 2.3.6 Cross Site Scripting | 02.07.2024 | tmrswrr
Low | Automad 2.0.0-alpha.4 Cross Site Scripting | 26.06.2024 | Jerry Thomas
Low | Flatboard 3.2 Cross Site Scripting | 24.06.2024 | tmrswrr
Low | XMB 1.9.12.06 Cross Site Scripting | 18.06.2024 | Chokri Hammedi
Low | Premium Support Tickets For WHMCS 1.2.10 Cross Site Scripting | 15.06.2024 | Sajibe Kanti
Low | AEGON LIFE 1.0 Cross Site Scripting | 15.06.2024 | Aslam Anwar Mahimkar
Med. | Kiuwan Local Analyzer / SAST / SaaS XML Injection / XSS / IDOR | 10.06.2024 | C. Schwarz
Med. | SEH utnserver Pro/ProMAX / INU-100 20.1.22 XSS / DoS / File Disclosure | 10.06.2024 | T. Weber
Low | Sitefinity 15.0 Cross Site Scripting | 04.06.2024 | Aldi Saputra Wahyudi
Low | iMLog Cross Site Scripting | 02.06.2024 | Gabriel Felipe
Low | ORing IAP-420 2.01e Cross Site Scripting / Command Injection | 02.06.2024 | T. Weber
Med. | HAWKI 1.0.0-beta.1 XSS / File Overwrite / Session Fixation | 29.05.2024 | Thorger Jansen
High | NorthStar C2 Cross Site Scripting / Code Execution | 28.05.2024 | h00die
Low | Jcow Social Network Cross Site Scripting | 24.05.2024 | tmrswrr
High | CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution | 22.05.2024 | h00die
Low | Rocket LMS 1.9 Cross Site Scripting | 22.05.2024 | Sergio Medeiros
Low | Nethserver 7 / 8 Cross Site Scripting | 22.05.2024 | Andrea Intilangelo
Low | Panel.SmokeLoader MVID-2024-0682 Cross Site Request Forgery / Cross Site Scripting | 19.05.2024 | malvuln
Low | Panel.SmokeLoader MVID-2024-0681 Cross Site Scripting | 19.05.2024 | malvuln
Low | Chyrp 2.5.2 Cross Site Scripting | 14.05.2024 | Ahmet Umit Bayram
Low | Apache mod_proxy_cluster Cross Site Scripting | 14.05.2024 | Mohamed Mounir Boudjem...
Low | Leafpub 1.1.9 Cross Site Scripting | 14.05.2024 | Ahmet Umit Bayram
Low | Esteghlal F.C. Cross Site Scripting | 13.05.2024 | E1.Coders
Low | Panel Amadey.d.c MVID-2024-0680 Cross Site Scripting | 11.05.2024 | malvuln
Low | SOPlanning 1.52.00 Cross Site Scripting | 04.05.2024 | liquidsky
Low | Doctor Appointment Management System 1.0 Cross Site Scripting | 01.05.2024 | SoSPiro
Low | Wordpress Plugin Alemha Watermarker 1.3.1 Stored Cross-Site Scripting (XSS) | 21.04.2024 | Erdemstar
Low | Wordpress Plugin Playlist for Youtube 1.32 Stored Cross-Site Scripting (XSS) | 14.04.2024 | Erdemstar
Low | Blood Bank v1.0 Stored Cross Site Scripting (XSS) | 14.04.2024 | Ersin Erenler
Med. | OX App Suite 7.10.6 Cross Site Scripting / Deserialization Issue | 11.04.2024 | Martin Heiland
Low | Concrete CMS 9.2.7 Cross Site Scripting / Open Redirect | 11.04.2024 | Andrey Stoykov
Low | HTMLy 2.9.6 Cross Site Scripting | 08.04.2024 | tmrswrr
Low | DerbyNet 9.0 render-document.php Cross Site Scripting | 08.04.2024 | Valentin Lobstein
Low | Seo Panel 4.7.0 Cross Site Scripting | 06.04.2024 | Arzu Demirez
Low | Workout Journal App 1.0 Cross Site Scripting | 01.04.2024 | MURAT CAGRI ALIS
Low | ARIS: Business Process Management 10.0.21.0 Cross Site Scripting | 01.04.2024 | Seid Yassin
Low | Bludit 3.13.0 Cross Site Scripting | 26.03.2024 | Gokhan Sensukur
Med. | Insurance Management System PHP And MySQL 1.0 Cross Site Scripting | 26.03.2024 | Hakki Toklu
Low | LimeSurvey Community 5.3.32 Cross Site Scripting | 26.03.2024 | Subhankar Singh
Low | Backdrop CMS 1.23.0 Cross Site Scripting | 20.03.2024 | Sinem Sahin
Low | Financials By Coda Cross Site Scripting | 16.03.2024 | Leo Draghi
Low | SnipeIT 6.2.1 Stored Cross Site Scripting | 13.03.2024 | Shahzaib Ali Khan
Low | FullCourt Enterprise 8.2 Cross Site Scripting | 09.03.2024 | Omar Sabagh
Med. | WordPress IDonate Blood Request Management System 1.8.1 Cross Site Scripting | 29.02.2024 | Laburity Research Team
Low | SitePad 1.8.2 Cross Site Scripting | 22.02.2024 | tmrswrr
Med. | OpenOLAT 18.1.5 Cross Site Scripting / Privilege Escalation | 22.02.2024 | Johannes Volpel
Low | SPA-CART CMS - Stored XSS | 20.02.2024 | Eren Sen
Med. | WonderCMS 4.3.2 Cross Site Scripting / Remote Code Execution | 20.02.2024 | prodigiousMind
Low | InstantCMS 2.16.1 Cross Site Scripting | 20.02.2024 | SoSPiro
Low | Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting | 20.02.2024 | Eren Sen
Low | Statamic CMS Cross Site Scripting | 18.02.2024 | Niklas Schilling
High | Adapt CMS 3.0.3 Cross Site Scripting / Shell Upload | 15.02.2024 | Andrey Stoykov
Low | Wordpress simple urls Plugin < 115 XSS | 15.02.2024 | AmirZargham
Low | Advanced Page Visit Counter 1.0 Cross Site Scripting | 10.02.2024 | Furkan Ozer
Low | GYM MS 1.0 Cross Site Scripting | 07.02.2024 | yozgatalperen1
Low | WhatsUp Gold 2022 (22.1.0 Build 39) XSS | 06.02.2024 | Andreas Finstad
Low | WhatsUp Gold 2022 22.1.0 Build 39 Cross Site Scripting | 06.02.2024 | Andreas Finstad
Low | MISP 2.4.171 Cross Site Scripting | 06.02.2024 | Mucahit Ceri
Med. | WordPress POST SMTP Mailer 2.8.7 Authorization Bypass / Cross Site Scripting | 13.01.2024 | Ulyses Saicha
Low | PHPJabbers Cleaning Business Software 1.0 Cross Site Scripting | 11.01.2024 | Rahad Chowdhury
Low | PHPJabbers Event Ticketing System 1.0 Cross Site Scripting / HTML Injection | 11.01.2024 | Rahad Chowdhury
Low | PHPJabbers Shared Asset Booking System 1.0 Cross Site Scripting | 11.01.2024 | Rahad Chowdhury
Low | iGalerie 3.0.22 Cross Site Scripting | 10.01.2024 | tmrswrr
Low | WebCalendar 1.3.0 Cross Site Scripting | 03.01.2024 | tmrswrr
Low | WhatACart 2.0.7 Cross Site Scripting | 27.12.2023 | tmrswrr
Low | ShopSite 14.0 Cross Site Scripting | 26.12.2023 | tmrswrr
Low | GaatiTrack Courier Management System 1.0 Cross Site Scripting | 20.11.2023 | Rahad Chowdhury
Low | Shuttle Booking Software 2.0 Cross Site Scripting | 20.11.2023 | Rahad Chowdhury
Low | Moodle 4.3 Cross Site Scripting | 23.10.2023 | tmrswrr
Med. | WordPress Core 6.3.1 XSS / DoS / Arbitrary Shortcode Execution | 13.10.2023 | James Golovich
Low | WordPress Sonaar Music 4.7 Cross Site Scripting | 10.10.2023 | Furkan Karaarslan
Low | WordPress KiviCare 3.2.0 Cross Site Scripting | 05.10.2023 | Arvandy
Med. | SAP Enable Now Manager 10.6.5 Build 2804 Cloud Edition CSRF / XSS / Redirect | 03.10.2023 | Fabian Hagg
Low | openVIVA c2 20220101 Cross Site Scripting | 03.10.2023 | Daniel Hirschberger
Low | WordPress Contact Form Generator 2.5.5 Cross Site Scripting | 03.10.2023 | Arvandy
Med. | OPNsense 23.1.11_1 / 23.7.3 / 23.7.4 Cross Site Scripting / Privilege Escalation | 25.09.2023 | Yasar Klawohn


Common Weakness Enumeration (CWE)

CVE
Details
Description
2024-10-22
Waiting for details
CVE-2024-9590

The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image meta field value in the 'wpaft_add_meta_textinput' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

 
Waiting for details
CVE-2024-9589

The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'new_meta_name' parameter in the 'wpaft_option_page' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with administrator-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

 
Waiting for details
CVE-2024-9231

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.9.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

 
Waiting for details
CVE-2024-10189

The Anchor Episodes Index (Spotify for Podcasters) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's anchor_episodes shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

 
Waiting for details
CVE-2024-10234

A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.

 
Waiting for details
CVE-2024-47819

Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant them admin privileges or access protected content. Versions 14.3.1 and 15.0.0 contain a patch. As a workaround, ensure that access to the Dictionary section is only granted to trusted users.

 
2024-10-21
Waiting for details
CVE-2024-10198

A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /manage_customer.php of the component Manage Customer Page. The manipulation of the argument suppliers_name/address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting files to be affected. Other parameters might be affected as well.

 
Waiting for details
CVE-2024-10197

A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /manage_supplier.php of the component Manage Supplier Page. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

 
2024-10-20
Waiting for details
CVE-2024-49631

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Md Abdul Kader Easy Addons for Elementor allows Stored XSS. This issue affects Easy Addons for Elementor: from n/a through 1.3.0.

 
Waiting for details
CVE-2024-49630

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HT Plugins WP Education allows Stored XSS. This issue affects WP Education: from n/a through 1.2.8.

 

 


Copyright 2024, cxsecurity.com

 
