CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,295 vulnerabilities with CWE-79
CVE-2024-13702 MEDIUM
CRM and Lead Management by vcita < 2.7.4 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-12683 LOW
Smart Maintenance Mode < 1.5.2 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 3.5
CVE-2024-11847 MEDIUM
wp-svg-upload < 1.0.0 - Stored Cross-Site Scripting via SVG File Upload
CVSS 4.8
CVE-2024-55029 MEDIUM
NASA Fprime v3.4.3 - Cross-Site Scripting
CVSS 6.1
CVE-2024-53679 MEDIUM
Apache VCL < 2.5.2 - Cross-Site Scripting in User Lookup Form
CVSS 5.4
CVE-2024-13731 MEDIUM
WordPress Alert Box Block <1.1.2 - XSS
CVSS 6.4
CVE-2024-13690 HIGH
WP Church Donation <= 1.7 - Unauthenticated Stored Cross-Site Scripting via Donation Form Parameters
CVSS 7.2
CVE-2024-12623 MEDIUM
WordPress DICOM Support <0.10.6 - XSS
CVSS 6.4
CVE-2024-13863 HIGH
Stylish Google Sheet Reader < 4.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13123 LOW
Advanced Form Integration < 1.100.0 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 3.5
CVE-2024-13122 LOW
Advanced Form Integration < 1.100.0 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 3.5
CVE-2024-12769 LOW
Simple Banner < 3.0.4 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 3.5
CVE-2024-12682 MEDIUM
Smart Maintenance Mode < 1.5.2 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 6.1
CVE-2024-11503 MEDIUM
WP Tabs < 2.2.7 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 6.1
CVE-2024-11273 MEDIUM
Contact Form & SMTP Plugin for WordPress by PirateForms < 2.6.0 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 6.1
CVE-2024-11272 MEDIUM
PirateForms < 2.6.0 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 6.1
CVE-2024-10703 MEDIUM
Registrations for the Events Calendar < 2.13.4 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 6.1
CVE-2024-10679 MEDIUM
Quiz and Survey Master < 9.2.1 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 6.1
CVE-2024-10566 MEDIUM
10web Slider < 1.2.62 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 6.1
CVE-2024-10565 MEDIUM
10web Slider < 1.2.62 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 6.1
CVE-2024-10560 LOW
10Web Form Maker < 1.15.30 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 3.5
CVE-2024-10554 LOW
WP-Advanced-Search < 3.3.9.3 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 3.5
CVE-2024-10472 MEDIUM
Stylish Price List < 7.1.12 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 5.9
CVE-2024-10105 MEDIUM
Job Postings WordPress <2.7.11 - XSS
CVSS 5.9
CVE-2024-10208 MEDIUM
B&R APROL < 4.4-00P5 - Authenticated Stored Cross-Site Scripting in Web Portal
Details
Vulnerabilities 45,295
Exploit Likelihood High