CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85
CVEs mapped to this weakness (23,315)
Page 853 of 1,166

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2022-4692 | 0.00 | — | 0.01 | Dec 23, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. |
| CVE-2022-4690 | 0.00 | — | 0.01 | Dec 23, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. |
| CVE-2022-4695 | 0.00 | — | 0.01 | Dec 23, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. |
| CVE-2022-4694 | 0.00 | — | 0.01 | Dec 23, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. |
| CVE-2022-4647 | 0.00 | — | 0.00 | Dec 22, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2. |
| CVE-2022-25929 | 0.00 | — | 0.01 | Dec 21, 2022 | The package smoothie from 1.31.0 and before 1.36.1 are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties. |
| CVE-2021-4263 | 0.00 | — | 0.01 | Dec 21, 2022 | A vulnerability, which was classified as problematic, has been found in leanote 2.6.1. This issue affects the function define of the file public/js/plugins/history.js. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely.… |
| CVE-2022-4640 | 0.00 | — | 0.00 | Dec 21, 2022 | A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified as problematic. Affected by this vulnerability is the function save of the component Article Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been… |
| CVE-2022-4617 | 0.00 | — | 0.01 | Dec 21, 2022 | Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2. |
| CVE-2021-4272 | 0.00 | — | 0.00 | Dec 21, 2022 | A vulnerability classified as problematic has been found in studygolang. This affects an unknown part of the file static/js/topics.js. The manipulation of the argument contentHtml leads to cross site scripting. It is possible to initiate the attack remotely. The name of the… |
| CVE-2022-4638 | 0.00 | — | 0.00 | Dec 21, 2022 | A vulnerability classified as problematic was found in collective.contact.widget up to 1.12. This vulnerability affects the function title of the file src/collective/contact/widget/widgets.py. The manipulation leads to cross site scripting. The attack can be initiated remotely.… |
| CVE-2022-4609 | 0.00 | — | 0.01 | Dec 19, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. |
| CVE-2022-46870 | 0.00 | — | 0.01 | Dec 16, 2022 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users' browsers. This issue affects Apache Zeppelin before 0.8.2. Users are recommended to… |
| CVE-2022-23474 | 0.00 | — | 0.01 | Dec 15, 2022 | Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0. |
| CVE-2020-20589 | 0.00 | — | 0.01 | Dec 15, 2022 | Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via the lang attribute of an html tag. |
| CVE-2022-40001 | 0.00 | — | 0.01 | Dec 15, 2022 | Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page. |
| CVE-2020-36607 | 0.00 | — | 0.01 | Dec 15, 2022 | Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via the lang attribute of an html tag. |
| CVE-2022-40002 | 0.00 | — | 0.01 | Dec 15, 2022 | Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the callback parameter to /cms/notify. |
| CVE-2022-40000 | 0.00 | — | 0.01 | Dec 15, 2022 | Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page. |
| CVE-2021-36572 | 0.00 | — | 0.00 | Dec 15, 2022 | Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page. |