CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85
CVEs mapped to this weakness (23,314)
page 856 of 1,166| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-37430 | 0.00 | — | 0.01 | Nov 23, 2022 | Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2). | |||
| CVE-2022-38145 | — | 0.00 | — | 0.01 | Nov 23, 2022 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view. | ||
| CVE-2022-38147 | 0.00 | — | 0.01 | Nov 23, 2022 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3). | |||
| CVE-2022-45150 | 0.00 | — | 0.01 | Nov 23, 2022 | A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in… | |||
| CVE-2022-45151 | 0.00 | — | 0.01 | Nov 23, 2022 | The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable… | |||
| CVE-2022-38724 | 0.00 | — | 0.01 | Nov 22, 2022 | Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. | |||
| CVE-2022-38462 | — | 0.00 | — | 0.00 | Nov 22, 2022 | Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request. | ||
| CVE-2022-42097 | — | 0.00 | — | 0.01 | Nov 22, 2022 | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' . | ||
| CVE-2022-42094 | — | 0.00 | — | 0.03 | Nov 22, 2022 | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content. | ||
| CVE-2022-42096 | — | 0.00 | — | 0.02 | Nov 21, 2022 | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content. | ||
| CVE-2022-4105 | 0.00 | — | 0.00 | Nov 21, 2022 | A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page. | |||
| CVE-2022-38146 | — | 0.00 | — | 0.01 | Nov 21, 2022 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3). | ||
| CVE-2022-45470 | 0.00 | — | 0.01 | Nov 21, 2022 | missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed. | |||
| CVE-2022-4069 | 0.00 | — | 0.93 | Nov 20, 2022 | Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0. | |||
| CVE-2022-4068 | 0.00 | — | 0.34 | Nov 20, 2022 | A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to… | |||
| CVE-2022-3561 | 0.00 | — | 0.01 | Nov 20, 2022 | Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0. | |||
| CVE-2022-3516 | 0.00 | — | 0.00 | Nov 20, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. | |||
| CVE-2022-4067 | 0.00 | — | 0.94 | Nov 20, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. | |||
| CVE-2022-41938 | 0.00 | — | 0.01 | Nov 19, 2022 | Flarum is an open source discussion platform. Flarum's page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after `v1.5` and was not noticed. This allowed an attacker to inject malicious HTML markup using a… | |||
| CVE-2022-44069 | — | 0.00 | — | 0.00 | Nov 16, 2022 | Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module. |
- CVE-2022-37430Nov 23, 2022risk 0.00cvss —epss 0.01
Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2).
- CVE-2022-38145Nov 23, 2022risk 0.00cvss —epss 0.01
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view.
- CVE-2022-38147Nov 23, 2022risk 0.00cvss —epss 0.01
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3).
- CVE-2022-45150Nov 23, 2022risk 0.00cvss —epss 0.01
A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in…
- CVE-2022-45151Nov 23, 2022risk 0.00cvss —epss 0.01
The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable…
- CVE-2022-38724Nov 22, 2022risk 0.00cvss —epss 0.01
Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.
- CVE-2022-38462Nov 22, 2022risk 0.00cvss —epss 0.00
Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request.
- CVE-2022-42097Nov 22, 2022risk 0.00cvss —epss 0.01
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' .
- CVE-2022-42094Nov 22, 2022risk 0.00cvss —epss 0.03
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content.
- CVE-2022-42096Nov 21, 2022risk 0.00cvss —epss 0.02
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.
- CVE-2022-4105Nov 21, 2022risk 0.00cvss —epss 0.00
A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page.
- CVE-2022-38146Nov 21, 2022risk 0.00cvss —epss 0.01
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3).
- CVE-2022-45470Nov 21, 2022risk 0.00cvss —epss 0.01
missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.
- CVE-2022-4069Nov 20, 2022risk 0.00cvss —epss 0.93
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.
- CVE-2022-4068Nov 20, 2022risk 0.00cvss —epss 0.34
A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to…
- CVE-2022-3561Nov 20, 2022risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.
- CVE-2022-3516Nov 20, 2022risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
- CVE-2022-4067Nov 20, 2022risk 0.00cvss —epss 0.94
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
- CVE-2022-41938Nov 19, 2022risk 0.00cvss —epss 0.01
Flarum is an open source discussion platform. Flarum's page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after `v1.5` and was not noticed. This allowed an attacker to inject malicious HTML markup using a…
- CVE-2022-44069Nov 16, 2022risk 0.00cvss —epss 0.00
Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module.