CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (23,306)

page 879 of 1,166

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2021-45416	—	—	0.03	Feb 1, 2022	Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.
CVE-2022-23598	laminas laminas-form	—	0.01	Jan 28, 2022	laminas-form is a package for validating and displaying simple and complex forms. When rendering validation error messages via the `formElementErrors()` view helper shipped with laminas-form, many messages will contain the submitted value. However, in laminas-form prior to…
CVE-2022-23599	—	—	0.01	Jan 28, 2022	Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the…
CVE-2022-0395	Livehelperchat Livehelperchat	—	0.01	Jan 28, 2022	Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0352	Janeczku Calibre Web	—	0.01	Jan 28, 2022	Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16.
CVE-2022-0394	Livehelperchat Livehelperchat	—	0.01	Jan 28, 2022	Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0348	Pimcore Pimcore	—	0.01	Jan 27, 2022	Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.
CVE-2022-0372	Crater Invoice Crater Invoice	—	0.01	Jan 27, 2022	Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2.
CVE-2022-0370	Livehelperchat Livehelperchat	—	0.01	Jan 27, 2022	Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0387	Livehelperchat Livehelperchat	—	0.01	Jan 27, 2022	Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0378	Microweber Microweber	—	0.04	Jan 26, 2022	Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0379	Microweber Microweber	—	0.01	Jan 26, 2022	Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0251	Pimcore Pimcore	—	0.01	Jan 26, 2022	Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.10.
CVE-2022-0375	Livehelperchat Livehelperchat	—	0.01	Jan 26, 2022	Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0374	Livehelperchat Livehelperchat	—	0.01	Jan 26, 2022	Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0268	Getgrav Grav	—	0.01	Jan 25, 2022	Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28.
CVE-2022-21715	Codeigniter Codeigniter	—	0.01	Jan 24, 2022	CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in `API\ResponseTrait` in Codeigniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using `API\ResponseTrait`.…
CVE-2021-4103	—	—	0.01	Jan 23, 2022	Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34.
CVE-2021-4172	—	—	0.01	Jan 22, 2022	Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.
CVE-2022-23808	PhpMyAdmin phpMyAdmin	—	0.08	Jan 22, 2022	An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.

CVE-2021-45416Feb 1, 2022
risk 0.00cvss —epss 0.03
Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.
CVE-2022-23598Jan 28, 2022
laminas
laminas-form
risk 0.00cvss —epss 0.01
laminas-form is a package for validating and displaying simple and complex forms. When rendering validation error messages via the `formElementErrors()` view helper shipped with laminas-form, many messages will contain the submitted value. However, in laminas-form prior to…
CVE-2022-23599Jan 28, 2022
risk 0.00cvss —epss 0.01
Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the…
CVE-2022-0395Jan 28, 2022
Livehelperchat
Livehelperchat
risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0352Jan 28, 2022
Janeczku
Calibre Web
risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16.
CVE-2022-0394Jan 28, 2022
Livehelperchat
Livehelperchat
risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0348Jan 27, 2022
Pimcore
Pimcore
risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.
CVE-2022-0372Jan 27, 2022
Crater Invoice
Crater Invoice
risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2.
CVE-2022-0370Jan 27, 2022
Livehelperchat
Livehelperchat
risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0387Jan 27, 2022
Livehelperchat
Livehelperchat
risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0378Jan 26, 2022
Microweber
Microweber
risk 0.00cvss —epss 0.04
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0379Jan 26, 2022
Microweber
Microweber
risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0251Jan 26, 2022
Pimcore
Pimcore
risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.10.
CVE-2022-0375Jan 26, 2022
Livehelperchat
Livehelperchat
risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0374Jan 26, 2022
Livehelperchat
Livehelperchat
risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0268Jan 25, 2022
Getgrav
Grav
risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28.
CVE-2022-21715Jan 24, 2022
Codeigniter
Codeigniter
risk 0.00cvss —epss 0.01
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in `API\ResponseTrait` in Codeigniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using `API\ResponseTrait`.…
CVE-2021-4103Jan 23, 2022
risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34.
CVE-2021-4172Jan 22, 2022
risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.
CVE-2022-23808Jan 22, 2022
PhpMyAdmin
phpMyAdmin
risk 0.00cvss —epss 0.08
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.