CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85
CVEs mapped to this weakness (23,306)
page 875 of 1,166

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-41952 | — | | 0.00 | — | 0.01 | | Mar 14, 2022 | Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload of a *.SVG file. An attacker can send malicious files to victims and steal the victim's cookie, leading to account takeover. The person viewing the image of a contact can be a victim of XSS. |
| CVE-2022-0960 | — | | 0.00 | — | 0.01 | | Mar 14, 2022 | Stored XSS via .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4. |
| CVE-2022-0946 | — | | 0.00 | — | 0.01 | | Mar 14, 2022 | Stored XSS via cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4. |
| CVE-2022-0941 | — | | 0.00 | — | 0.01 | | Mar 14, 2022 | Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. |
| CVE-2022-0940 | — | | 0.00 | — | 0.01 | | Mar 14, 2022 | Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. |
| CVE-2022-0938 | — | | 0.00 | — | 0.01 | | Mar 14, 2022 | Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4. |
| CVE-2022-0341 | — | | 0.00 | — | 0.00 | | Mar 14, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12. |
| CVE-2022-0937 | — | | 0.00 | — | 0.01 | | Mar 14, 2022 | Stored XSS in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4. |
| CVE-2022-0930 | | | 0.00 | — | 0.01 | | Mar 12, 2022 | File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. |
| CVE-2022-0929 | | | 0.00 | — | 0.01 | | Mar 12, 2022 | XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11. |
| CVE-2022-0926 | | | 0.00 | — | 0.01 | | Mar 12, 2022 | File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. |
| CVE-2022-0880 | — | | 0.00 | — | 0.01 | | Mar 12, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2. |
| CVE-2022-26533 | | | 0.00 | — | 0.01 | | Mar 12, 2022 | Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist. |
| CVE-2021-44667 | — | | 0.00 | — | 0.01 | | Mar 11, 2022 | A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters. |
| CVE-2021-32475 | | | 0.00 | — | 0.01 | | Mar 11, 2022 | ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. |
| CVE-2022-0928 | | | 0.00 | — | 0.02 | | Mar 11, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12. |
| CVE-2021-32478 | | | 0.00 | — | 0.01 | | Mar 11, 2022 | The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected. |
| CVE-2022-25507 | — | | 0.00 | — | 0.00 | | Mar 10, 2022 | FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter. |
| CVE-2021-44585 | — | | 0.00 | — | 0.01 | | Mar 10, 2022 | A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event. |
| CVE-2022-0906 | | | 0.00 | — | 0.01 | | Mar 10, 2022 | Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12. |