CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85
CVEs mapped to this weakness (23,308)
page 874 of 1,166

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-27207 | | | 0.00 | — | 0.01 | | Mar 15, 2022 | Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. |
| CVE-2022-27202 | | | 0.00 | — | 0.01 | | Mar 15, 2022 | Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with… |
| CVE-2022-27200 | | | 0.00 | — | 0.01 | | Mar 15, 2022 | Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. |
| CVE-2022-27197 | | | 0.00 | — | 0.01 | | Mar 15, 2022 | Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views. |
| CVE-2022-27196 | | | 0.00 | — | 0.01 | | Mar 15, 2022 | Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions. |
| CVE-2022-0970 | | | 0.00 | — | 0.02 | | Mar 15, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31. |
| CVE-2022-0964 | | | 0.00 | — | 0.01 | | Mar 15, 2022 | Stored XSS via .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4. |
| CVE-2022-0965 | | | 0.00 | — | 0.01 | | Mar 15, 2022 | Stored XSS via .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4. |
| CVE-2022-0966 | | | 0.00 | — | 0.01 | | Mar 15, 2022 | Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10. |
| CVE-2022-0967 | | | 0.00 | — | 0.03 | | Mar 15, 2022 | Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4. |
| CVE-2022-0963 | | | 0.00 | — | 0.02 | | Mar 15, 2022 | Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12. |
| CVE-2022-0942 | | | 0.00 | — | 0.01 | | Mar 15, 2022 | Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4. |
| CVE-2022-0957 | | | 0.00 | — | 0.01 | | Mar 15, 2022 | Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4. |
| CVE-2022-0956 | | | 0.00 | — | 0.01 | | Mar 15, 2022 | Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4. |
| CVE-2022-0954 | | | 0.00 | — | 0.03 | | Mar 15, 2022 | Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11. |
| CVE-2022-0893 | | | 0.00 | — | 0.01 | | Mar 15, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. |
| CVE-2022-0894 | | | 0.00 | — | 0.01 | | Mar 15, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. |
| CVE-2022-0951 | | | 0.00 | — | 0.01 | | Mar 15, 2022 | File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4. |
| CVE-2022-0950 | | | 0.00 | — | 0.01 | | Mar 15, 2022 | Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4. |
| CVE-2022-0945 | | | 0.00 | — | 0.01 | | Mar 15, 2022 | Stored XSS via axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4. |