Przykłady dla CWE-79: Improper Neutralization of Input During Web Page Generation...

	Tytuł	Data	Autor
Low	Wordpress Plugin Playlist for Youtube 1.32 Stored Cross-Site Scripting (XSS)	14.04.2024	Erdemstar
Low	Blood Bank v1.0 Stored Cross Site Scripting (XSS)	14.04.2024	Ersin Erenler
Med.	OX App Suite 7.10.6 Cross Site Scripting / Deserialization Issue	11.04.2024	Martin Heiland
Low	Concrete CMS 9.2.7 Cross Site Scripting / Open Redirect	11.04.2024	Andrey Stoykov
Low	HTMLy 2.9.6 Cross Site Scripting	08.04.2024	tmrswrr
Low	DerbyNet 9.0 render-document.php Cross Site Scripting	08.04.2024	Valentin Lobstein
Low	Seo Panel 4.7.0 Cross Site Scripting	06.04.2024	Arzu Demirez
Low	Workout Journal App 1.0 Cross Site Scripting	01.04.2024	MURAT CAGRI ALIS
Low	ARIS: Business Process Management 10.0.21.0 Cross Site Scripting	01.04.2024	Seid Yassin
Low	Bludit 3.13.0 Cross Site Scripting	26.03.2024	Gokhan Sensukur
Med.	Insurance Management System PHP And MySQL 1.0 Cross Site Scripting	26.03.2024	Hakki Toklu
Low	LimeSurvey Community 5.3.32 Cross Site Scripting	26.03.2024	Subhankar Singh
Low	Backdrop CMS 1.23.0 Cross Site Scripting	20.03.2024	Sinem Sahin
Low	Financials By Coda Cross Site Scripting	16.03.2024	Leo Draghi
Low	SnipeIT 6.2.1 Stored Cross Site Scripting	13.03.2024	Shahzaib Ali Khan
Low	FullCourt Enterprise 8.2 Cross Site Scripting	09.03.2024	Omar Sabagh
Med.	WordPress IDonate Blood Request Management System 1.8.1 Cross Site Scripting	29.02.2024	Laburity Research Team
Low	SitePad 1.8.2 Cross Site Scripting	22.02.2024	tmrswrr
Med.	OpenOLAT 18.1.5 Cross Site Scripting / Privilege Escalation	22.02.2024	Johannes Volpel
Low	SPA-CART CMS - Stored XSS	20.02.2024	Eren Sen
Med.	WonderCMS 4.3.2 Cross Site Scripting / Remote Code Execution	20.02.2024	prodigiousMind
Low	InstantCMS 2.16.1 Cross Site Scripting	20.02.2024	SoSPiro
Low	Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting	20.02.2024	Eren Sen
Low	Statamic CMS Cross Site Scripting	18.02.2024	Niklas Schilling
High	Adapt CMS 3.0.3 Cross Site Scripting / Shell Upload	15.02.2024	Andrey Stoykov
Low	Wordpress simple urls Plugin < 115 XSS	15.02.2024	AmirZargham
Low	Advanced Page Visit Counter 1.0 Cross Site Scripting	10.02.2024	Furkan Ozer
Low	GYM MS 1.0 Cross Site Scripting	07.02.2024	yozgatalperen1
Low	WhatsUp Gold 2022 (22.1.0 Build 39) XSS	06.02.2024	Andreas Finstad
Low	WhatsUp Gold 2022 22.1.0 Build 39 Cross Site Scripting	06.02.2024	Andreas Finstad
Low	MISP 2.4.171 Cross Site Scripting	06.02.2024	Mucahit Ceri
Med.	WordPress POST SMTP Mailer 2.8.7 Authorization Bypass / Cross Site Scripting	13.01.2024	Ulyses Saicha
Low	PHPJabbers Cleaning Business Software 1.0 Cross Site Scripting	11.01.2024	Rahad Chowdhury
Low	PHPJabbers Event Ticketing System 1.0 Cross Site Scripting / HTML Injection	11.01.2024	Rahad Chowdhury
Low	PHPJabbers Shared Asset Booking System 1.0 Cross Site Scripting	11.01.2024	Rahad Chowdhury
Low	iGalerie 3.0.22 Cross Site Scripting	10.01.2024	tmrswrr
Low	WebCalendar 1.3.0 Cross Site Scripting	03.01.2024	tmrswrr
Low	WhatACart 2.0.7 Cross Site Scripting	27.12.2023	tmrswrr
Low	ShopSite 14.0 Cross Site Scripting	26.12.2023	tmrswrr
Low	GaatiTrack Courier Management System 1.0 Cross Site Scripting	20.11.2023	Rahad Chowdhury
Low	Shuttle Booking Software 2.0 Cross Site Scripting	20.11.2023	Rahad Chowdhury
Low	Moodle 4.3 Cross Site Scripting	23.10.2023	tmrswrr
Med.	WordPress Core 6.3.1 XSS / DoS / Arbitrary Shortcode Execution	13.10.2023	James Golovich
Low	WordPress Sonaar Music 4.7 Cross Site Scripting	10.10.2023	Furkan Karaarslan
Low	WordPress KiviCare 3.2.0 Cross Site Scripting	05.10.2023	Arvandy
Med.	SAP Enable Now Manager 10.6.5 Build 2804 Cloud Edition CSRF / XSS / Redirect	03.10.2023	Fabian Hagg
Low	openVIVA c2 20220101 Cross Site Scripting	03.10.2023	Daniel Hirschberger
Low	WordPress Contact Form Generator 2.5.5 Cross Site Scripting	03.10.2023	Arvandy
Med.	OPNsense 23.1.11_1 / 23.7.3 / 23.7.4 Cross Site Scripting / Privilege Escalation	25.09.2023	Yasar Klawohn
Low	Taskhub 2.8.8 Cross Site Scripting	24.09.2023	nu11secur1ty
Low	Night Club Booking Software 1.0 Cross Site Scripting	18.09.2023	nu11secur1ty
Low	Italia Mediasky CMS 2.0 Cross Site Scripting	18.09.2023	indoushka
Low	PTC - Codebeamer Cross Site Scripting	18.09.2023	Niklas Schilling
Low	Academy LMS 6.2 Cross Site Scripting	15.09.2023	CraCkEr
Med.	WordPress Slimstat Analytics 5.0.9 Cross Site Scripting / SQL Injection	13.09.2023	Lana Codes
Low	Cinema Booking System 1.0 Cross Site Scripting	10.09.2023	nu11secur1ty
Low	Event Booking Calendar 4.0 Cross Site Scripting	10.09.2023	nu11secur1ty
Low	Wordpress Sonaar Music Plugin 4.7 - Stored XSS	09.09.2023	Furkan Karaarslan
Low	Axigen 10.5.0–4370c946 Cross Site Scripting	09.09.2023	AmirZargham
Low	Axigen 10.5.0–4370c946 Cross Site Scripting	09.09.2023	AmirZargham
Low	CSZ CMS 1.3.0 Cross Site Scripting	04.09.2023	Daniel Gonzalez
Low	PHP JABBERS PHP Review Script 1.0 Cross Site Scripting	31.08.2023	nu11secur1ty
Low	Jorani 1.0.3 Cross Site Scripting	28.08.2023	nu11secur1ty
Low	User Registration And Login And User Management System 3.0 Cross Site Scripting	24.08.2023	Ashutosh Singh Umath
Low	Uvdesk 1.1.4 Cross Site Scripting	24.08.2023	Hubert Wojciechowski
Low	E-partenaire LMS 1.0.0 Cross Site Scripting	19.08.2023	indoushka
Low	Blood Donor Management System 1.0 Cross Site Scripting	16.08.2023	Ehlullah Albayrak
High	Hyip Rio 2.1 Cross Site Scripting / File Upload	16.08.2023	CraCkEr
Low	Advantech EKI-1524-CE / EKI-1522 / EKI-1521 Cross Site Scripting	15.08.2023	T. Weber
Med.	Phoenix Contact TC Cloud / TC Router 2.x XSS / Memory Consumption	15.08.2023	T. Weber
Low	Webedition CMS v2.9.8.8 Stored XSS	13.08.2023	Mirabbas Ağalarov
Low	Dolibarr 17.0.1>x Stored XSS	11.08.2023	Furkan Karaarslan
Low	Joomla VirtueMart Shopping Cart 4.0.12 Reflected XSS	11.08.2023	CraCkEr
Low	JLex GuestBook 1.6.4 Reflected XSS	10.08.2023	CraCkEr
Low	Lucee 5.4.2.17 Cross Site Scripting	09.08.2023	Yehia Elghaly
Low	WordPress Ninja Forms 3.6.25 Cross Site Scripting	08.08.2023	Mehran Seifalinia
Low	Webedition CMS 2.9.8.8 Cross Site Scripting	06.08.2023	Mirabbas Agalarov
Low	mooSocial 3.1.8 - Reflected XSS	05.08.2023	CraCkEr
Low	Social-Commerce 3.1.6 - Reflected XSS	05.08.2023	CraCkEr
Low	PHPJabbers Availability Booking Calendar 5.0 - Reflected XSS	03.08.2023	CraCkEr
Low	WordPress adivaha Travel Plugin 2.3 - Reflected XSS	03.08.2023	CraCkEr
Med.	OX App Suite SSRF / SQL Injection / Cross Site Scripting	03.08.2023	Mehmet Ince
Low	PHPJabbers Taxi Booking 2.0 Cross Site Scripting	03.08.2023	CraCkEr
Low	PHPJabbers Cleaning Business 1.0 Cross Site Scripting	03.08.2023	CraCkEr
Low	PHPJabbers Service Booking Script 1.0 Cross Site Scripting	03.08.2023	CraCkEr
Low	PHPJabbers Night Club Booking 1.0 Cross Site Scripting	03.08.2023	CraCkEr
Low	PHPJabbers Shuttle Booking Software 1.0 Cross Site Scripting	03.08.2023	CraCkEr
Low	Perch CMS 3.2 Cross Site Scripting	02.08.2023	Andrey Stoykov
Low	Joomla JLex GuestBook 1.6.4 Cross Site Scripting	02.08.2023	CraCkEr
Low	Joomla JLex Review 6.0.1 Cross Site Scripting	01.08.2023	CraCkEr
Low	JLex GuestBook 1.6.4 - Reflected XSS	01.08.2023	CraCkEr
Low	Zomplog 3.9 Cross-site scripting (XSS)	31.07.2023	Mirabbas Ağalarov
Low	Joomla iProperty Real Estate 4.1.1 Cross Site Scripting	31.07.2023	CraCkEr
Low	Copyparty 1.8.6 Cross Site Scripting	31.07.2023	Vartamtezidis Theodoro...
Low	Joomla Solidres 2.13.3 - Reflected XSS	29.07.2023	CraCkEr
Low	Joomla iProperty Real Estate 4.1.1 - Reflected XSS	29.07.2023	CraCkEr
Low	Joomla VirtueMart Shopping-Cart 4.0.12 - Reflected XSS	27.07.2023	CraCkEr
Low	WordPress PrePost SEO 3.0 Cross Site Scripting	27.07.2023	Taurus Omar
Low	WordPress Tablesome Cross Site Scripting	27.07.2023	Taurus Omar
Low	WordPress Login Configurator 2.1 Cross Site Scripting	27.07.2023	Taurus Omar

Common Weakness Enumeration (CWE)

CVE

Szczegóły

Opis

2024-04-15

CVE-2024-3776	Updating...	The parameter used in the login page of Netvision airPASS is not properly filtered for user input. An unauthenticated remote attacker can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks.
CVE-2024-3766	Updating...	A vulnerability, which was classified as problematic, has been found in slowlyo OwlAdmin up to 3.5.7. Affected by this issue is some unknown functionality of the file /admin-api/upload_image of the component Image File Upload. The manipulation of the argument file leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-260606 is the identifier assigned to this vulnerability.
CVE-2024-32453	Updating...	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POEditor allows Stored XSS.This issue affects POEditor: from n/a through 0.9.8.
CVE-2024-32429	Updating...	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPChill Remove Footer Credit allows Stored XSS.This issue affects Remove Footer Credit: from n/a through 1.0.13.
CVE-2024-32428	Updating...	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moss Web Works MWW Disclaimer Buttons allows Stored XSS.This issue affects MWW Disclaimer Buttons: from n/a through 3.0.2.
CVE-2024-32149	Updating...	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Jobs for WordPress allows Reflected XSS.This issue affects Jobs for WordPress: from n/a through 2.7.5.
CVE-2024-32147	Updating...	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Form Plugin Team - GhozyLab Easy Contact Form Lite allows Stored XSS.This issue affects Easy Contact Form Lite : from n/a through 1.1.23.
CVE-2024-32145	Updating...	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PineWise WP Google Analytics Events allows Reflected XSS.This issue affects WP Google Analytics Events: from n/a through 2.8.0.
CVE-2024-32140	Updating...	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Libsyn Libsyn Publisher Hub allows Stored XSS.This issue affects Libsyn Publisher Hub: from n/a through 1.4.4.
CVE-2024-32138	Updating...	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders Short URL allows Reflected XSS.This issue affects Short URL: from n/a through 1.6.8.

14.04.2024

14.04.2024

11.04.2024

11.04.2024

08.04.2024

08.04.2024

06.04.2024

01.04.2024

01.04.2024

26.03.2024

26.03.2024

26.03.2024

20.03.2024

16.03.2024

13.03.2024

09.03.2024

29.02.2024

22.02.2024

22.02.2024

20.02.2024

20.02.2024

20.02.2024

20.02.2024

18.02.2024

15.02.2024

15.02.2024

10.02.2024

07.02.2024

06.02.2024

06.02.2024

06.02.2024

13.01.2024

11.01.2024

11.01.2024

11.01.2024

10.01.2024

03.01.2024

27.12.2023

26.12.2023

20.11.2023

20.11.2023

23.10.2023

13.10.2023

10.10.2023

05.10.2023

03.10.2023

03.10.2023

03.10.2023

25.09.2023

24.09.2023

18.09.2023

18.09.2023

18.09.2023

15.09.2023

13.09.2023

10.09.2023

10.09.2023

09.09.2023

09.09.2023

09.09.2023

04.09.2023

31.08.2023

28.08.2023

24.08.2023

24.08.2023

19.08.2023

16.08.2023

16.08.2023

15.08.2023

15.08.2023

13.08.2023

11.08.2023

11.08.2023

10.08.2023

09.08.2023