Weaknesses of type CWE-79
26,052 results

CVE-2024-31138 | MEDIUM | In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution settings | EPSS 74.5%
CVE-2019-9978 | MEDIUM | The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter | EPSS 73.5% | KEV
CVE-2024-37383 | MEDIUM | Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes. | EPSS 73.3% | KEV
CVE-2023-5914 | MEDIUM | Cross-site scripting (XSS) | EPSS 73.1%
CVE-2023-45138 | CRITICAL | Change Request Application vulnerable to XSS and remote code execution through change request title | EPSS 71.2%
CVE-2023-32071 | CRITICAL | XWiki Platform vulnerable to RXSS via editor parameter - importinline template | EPSS 71.1%
CVE-2022-36098 | HIGH | XWiki Platform Mentions UI vulnerable to Cross-site Scripting | EPSS 71.0%
CVE-2023-5631 | MEDIUM | Stored XSS vulnerability in Roundcube | EPSS 70.9% | KEV
CVE-2020-8264 | — | In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to s | EPSS 70.7%
CVE-2022-47523 | CRITICAL | Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection | EPSS 70.6%
CVE-2022-0218 | HIGH | WP HTML Mail <= 3.0.9 Missing Authorization on REST-API Route | EPSS 70.5%
CVE-2021-25919 | MEDIUM | In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A hi | EPSS 69.9%
CVE-2024-49754 | HIGH | LibreNMS has a stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/api-access.inc.php | EPSS 69.8%
CVE-2022-31097 | HIGH | Stored XSS in Grafana's Unified Alerting | EPSS 68.6%
CVE-2022-34258 | MEDIUM | Adobe Commerce Stored XSS Arbitrary code execution | EPSS 68.3%
CVE-2022-48428 | MEDIUM | In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible | EPSS 68.0%
CVE-2019-18426 | HIGH | A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-s | EPSS 67.9% | KEV
CVE-2024-2194 | HIGH | WP Statistics <= 14.5 - Unauthenticated Stored Cross-Site Scripting | EPSS 67.7%
CVE-2022-0364 | — | Modern Events Calendar Lite < 6.4.0 - Contributor+ Stored Cross Site Scripting | EPSS 67.1%
CVE-2023-4347 | HIGH | Cross-site Scripting (XSS) - Reflected in librenms/librenms | EPSS 66.9%