CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,297 vulnerabilities with CWE-79
CVE-2024-13675 MEDIUM
SlingBlocks - Gutenberg Blocks by FunnelKit < 1.5.0 - Authenticated Stored Cross-Site Scripting via Icon List Block
CVSS 6.4
CVE-2024-13649 MEDIUM
Xpro Addons for Elementor < 1.4.6.7 - Authenticated Stored Cross-Site Scripting via Widget Input
CVSS 6.4
CVE-2024-13825 MEDIUM
Email Keep < 1.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-12119 MEDIUM
FooGallery < 2.4.30 - Authenticated Stored Cross-Site Scripting via default_gallery_title_size Parameter
CVSS 6.4
CVE-2024-12460 MEDIUM
Years Since - Timeless Texts <1.4.1 - XSS
CVSS 6.4
CVE-2024-9458 MEDIUM
Reservit Hotel WordPress Plugin < 3.0 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-13805 MEDIUM
Advanced File Manager WordPress Plugin <= 5.2.14 - Authenticated Stored XSS via SVG Upload
CVSS 6.4
CVE-2024-13668 HIGH
WordPress Activity O Meter < 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13431 MEDIUM
Simply Schedule Appointments Booking Plugin <1.6.8.3 - XSS
CVSS 6.1
CVE-2024-12809 MEDIUM
Wishlist <= 1.0.43 - Authenticated Stored Cross-Site Scripting via wishlist_button Shortcode
CVSS 6.4
CVE-2024-13902 LOW
huang-yk student-manage 1.0 - Cross-Site Scripting via Class Parameter
CVSS 2.4
CVE-2024-13868 MEDIUM
URL Shortener | Conversion Tracking | AB Testing | WooCommerce < 9.0.2 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-48246 MEDIUM
Vehicle Management System 1.0 - Stored Cross-Site Scripting via Name Parameter
CVSS 5.4
CVE-2024-5667 MEDIUM
WP Featherlight - A Simple jQuery Lightbox < 1.3.4 - Authenticated Stored Cross-Site Scripting via Featherlight.js
CVSS 6.4
CVE-2024-13839 MEDIUM
Staff Directory Plugin: Company Directory <= 4.3 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-13779 MEDIUM
Hero Mega Menu - Responsive WordPress Menu Plugin <1.16.5 - XSS
CVSS 6.1
CVE-2024-13757 MEDIUM
Master Slider - Responsive Touch Slider <= 3.10.6 - Authenticated Stored Cross-Site Scripting via ms_layer Shortcode
CVSS 6.4
CVE-2024-12815 MEDIUM
Point Maker <= 0.1.6 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11731 MEDIUM
Master Slider - WordPress <3.10.6 - XSS
CVSS 6.4
CVE-2024-13866 MEDIUM
Simple Notification <= 1.3 - Authenticated Stored Cross-Site Scripting
CVSS 6.4
CVE-2024-13827 MEDIUM
Razorpay Subscription Button Elementor Plugin <1.0.4 - XSS
CVSS 6.1
CVE-2024-13350 MEDIUM
SearchIQ - The Search Solution < 4.7 - Authenticated Stored Cross-Site Scripting via siq_searchbox Shortcode
CVSS 6.4
CVE-2024-9618 MEDIUM
Master Addons - Elementor Addons < 2.0.7.3 - Authenticated Stored Cross-Site Scripting via Widget Attributes
CVSS 6.4
CVE-2024-55064 MEDIUM
EasyVirt DC NetScope <= 8.6.4 - Cross-Site Scripting via SMTP or NTP/DNS Parameters
CVSS 5.4
CVE-2024-5888 MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
Details
Vulnerabilities 45,297
Exploit Likelihood High