CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,297 vulnerabilities with CWE-79
CVE-2024-53382 MEDIUM
PrismJS < 1.29.0 - DOM Clobbering and Cross-Site Scripting via document.currentScript Shadowing
CVSS 4.9
CVE-2024-13901 MEDIUM
Counter Box < 2.0.6 - Authenticated DOM-Based Stored Cross-Site Scripting via Content Parameter
CVSS 4.4
CVE-2024-9217 MEDIUM
Currency Switcher for WooCommerce <2.16.2 - XSS
CVSS 6.1
CVE-2024-9212 MEDIUM
WooCommerce SKU Generator <1.6.2 - XSS
CVSS 6.1
CVE-2024-13559 MEDIUM
TemplatesNext ToolKit - WordPress <3.2.9 - XSS
CVSS 6.4
CVE-2024-9019 MEDIUM
SecuPress Free < 2.2.5.3 - Authenticated Stored Cross-Site Scripting via secupress_check_ban_ips_form Shortcode
CVSS 6.4
CVE-2024-13851 MEDIUM
Modal Portfolio <= 1.7.4.2 - Authenticated Stored Cross-Site Scripting
CVSS 5.5
CVE-2024-13469 MEDIUM
Pricing Table by PickPlugins <1.12.10 - XSS
CVSS 6.4
CVE-2024-12820 MEDIUM
MK Google Directions <= 3.1 - Authenticated Stored Cross-Site Scripting via MKGD Shortcode
CVSS 6.4
CVE-2024-53408 MEDIUM
AVE System Web Client <2.1.131.13992 - XSS
CVSS 5.4
CVE-2024-9285 MEDIUM
Via Browser <= 5.9.0 - Cross-Site Scripting via JavaScript Bridge
CVSS 4.3
CVE-2024-13402 MEDIUM
BuddyBoss Platform < 2.7.70 - Authenticated Stored Cross-Site Scripting via Link Title Parameter
CVSS 6.4
CVE-2024-13734 MEDIUM
Card Elements for Elementor <= 1.2.6 - Authenticated Stored Cross-Site Scripting via Profile Card Widget
CVSS 6.4
CVE-2024-5848 MEDIUM
WSO2 API Manager - Reflected Cross-Site Scripting via Service Endpoint Input
CVSS 6.1
CVE-2024-6261 MEDIUM
Image Photo Gallery Final Tiles Grid <3.6.0 - XSS
CVSS 6.4
CVE-2024-57423 MEDIUM
CloudClassroom-PHP Project 1.0 - Cross-Site Scripting via Assessment exid Parameter
CVSS 6.1
CVE-2024-46226 MEDIUM
HelpDeskZ < 2.0.2 - Stored Cross-Site Scripting via File Upload in New Ticket
CVSS 4.8
CVE-2024-6810 MEDIUM
Quiz Organizer <= 2.9.1 - Authenticated Stored Cross-Site Scripting
CVSS 4.4
CVE-2024-13803 MEDIUM
Essential Blocks < 5.2.3 - Authenticated Stored Cross-Site Scripting via Data-Marker Parameter
CVSS 6.4
CVE-2024-13678 MEDIUM
R3W InstaFeed WordPress plugin 1.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13669 MEDIUM
CalendApp < 1.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13634 MEDIUM
Post Sync WordPress Plugin < 1.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13633 HIGH
Simple catalogue < 1.0.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13632 HIGH
WP Extra Fields < 1.0.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13631 HIGH
Om Stripe < 02.00.00 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities 45,297
Exploit Likelihood High