CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2024-57529 MEDIUM
Jeppesen JetPlanner Pro 1.6.2.20 - Cross-Site Scripting
CVSS 6.1
CVE-2024-5878 MEDIUM
Simplelightbox < 2.14.4 - Authenticated Stored Cross-Site Scripting via User Supplied Attributes
CVSS 6.4
CVE-2024-51106 MEDIUM
PHPGURUKUL Medical Card Generation System 1.0 - Stored Cross-Site Scripting via About Us Page Title Parameter
CVSS 4.6
CVE-2024-51475 MEDIUM
IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 - HTML Injection
CVSS 5.4
CVE-2024-9882 MEDIUM
Salon Booking System < 1.9.4 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-9663 MEDIUM
CYAN Backup < 2.5.3 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 5.4
CVE-2024-9662 MEDIUM
CYAN Backup < 2.5.3 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 5.4
CVE-2024-9645 MEDIUM
Post Grid < 2.2.93 - Stored Cross-Site Scripting via Block Options
CVSS 5.4
CVE-2024-9599 MEDIUM
Popup Box < 4.7.8 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 5.4
CVE-2024-9390 MEDIUM
RegistrationMagic < 6.0.2.1 - Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-9238 MEDIUM
AVIF Uploader < 1.1.1 - Authenticated Stored Cross-Site Scripting via SVG Upload
CVSS 5.4
CVE-2024-9236 MEDIUM
Team WordPress Plugin < 4.4.2 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-9227 MEDIUM
PowerPress Podcasting plugin by Blubrry < 11.9.18 - Authenticated Stored Cross-Site Scripting in Podcast Settings
CVSS 4.8
CVE-2024-9182 MEDIUM
Maspik < 2.1.3 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-8854 MEDIUM
Polls CP WordPress Plugin < 1.0.77 - Authenticated Stored Cross-Site Scripting in Poll Settings
CVSS 5.4
CVE-2024-8851 MEDIUM
Polls CP WordPress Plugin < 1.0.77 - Authenticated Stored Cross-Site Scripting in Poll Settings
CVSS 5.4
CVE-2024-8759 MEDIUM
Nested Pages WordPress <3.2.9 - XSS
CVSS 4.8
CVE-2024-8703 MEDIUM
Z-Downloads < 1.1.16 - Unauthenticated Stored Cross-Site Scripting via Share URL Parameters
CVSS 6.1
CVE-2024-8702 MEDIUM
WordPress Backup Database <4.9 - XSS
CVSS 4.8
CVE-2024-8701 MEDIUM
events-calendar < 1.0.4 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-8670 MEDIUM
The Photo Gallery by 10Web WordPress plugin <1.8.29 - XSS
CVSS 4.8
CVE-2024-8620 MEDIUM
MapPress Maps for WordPress <2.93 - XSS
CVSS 4.8
CVE-2024-8619 MEDIUM
Ajax Search Lite < 4.12.3 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-8618 MEDIUM
Pagelayer WordPress plugin <1.9.0 - XSS
CVSS 4.8
CVE-2024-8617 MEDIUM
Quiz Maker WordPress <6.5.9.9 - XSS
CVSS 4.8
Details
Vulnerabilities 45,293
Exploit Likelihood High