CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,297 vulnerabilities with CWE-79
CVE-2024-12452
MEDIUM
Ziggeo < 3.1.1 - Authenticated Stored Cross-Site Scripting via ziggeo_event Shortcode
CVSS 6.4
CVE-2024-13585
LOW
Ajax Search Lite < 4.12.5 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 3.5
CVE-2024-13314
LOW
Carousel, Slider, Gallery by WP Carousel < 2.7.4 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 3.5
CVE-2024-13751
MEDIUM
3D Photo Gallery <= 1.3 - Authenticated Stored Cross-Site Scripting via des[] Parameter
CVSS 6.4
CVE-2024-13672
MEDIUM
Mini Course Generator < 1.0.5 - Authenticated Stored Cross-Site Scripting via 'mcg' Shortcode
CVSS 6.4
CVE-2024-13388
MEDIUM
TCBD Tooltip <= 1.0 - Authenticated Stored Cross-Site Scripting via tcbdtooltip_text Shortcode
CVSS 6.4
CVE-2024-13379
MEDIUM
C9 Admin Dashboard <= 1.3.5 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-54959
MEDIUM
Nagios XI 2024R1.2.2 - Cross-Site Request Forgery and Cross-Site Scripting via Favorites Component
CVSS 6.1
CVE-2024-54958
MEDIUM
Nagios XI 2024R1.2.2 - Stored Cross-Site Scripting in Tools Page
CVSS 6.1
CVE-2024-49337
MEDIUM
IBM OpenPages with Watson 8.3-8.3.0.2 - Authenticated HTML Injection in Workflow Email Notifications
CVSS 5.4
CVE-2024-6432
MEDIUM
Content Blocks (Custom Post Widget) <3.3.5 - XSS
CVSS 6.4
CVE-2024-13849
MEDIUM
Cookie Notice Bar <= 1.3.0 - Authenticated Stored Cross-Site Scripting
CVSS 5.5
CVE-2024-13802
MEDIUM
Bandsintown Events <= 1.3.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13748
MEDIUM
Ultimate Classified Listings <= 1.4 - Authenticated Stored Cross-Site Scripting via Title Parameter
CVSS 4.4
CVE-2024-13155
MEDIUM
Unlimited Elements For Elementor <1.5.140 - XSS
CVSS 6.4
CVE-2024-13445
MEDIUM
Elementor Website Builder <3.27.4 - XSS
CVSS 6.4
CVE-2024-37360
MEDIUM
Hitachi Vantara Pentaho <10.2.0.0-9.3.0.9 - XSS
CVSS 4.4
CVE-2024-53974
MEDIUM
Adobe Experience Manager <6.5.21 - XSS
CVSS 5.4
CVE-2024-28776
MEDIUM
IBM Cognos Controller 11.0.0-11.0.1 FP3 and IBM Controller 11.1.0 - Cross-Site Scripting
CVSS 5.4
CVE-2024-13363
MEDIUM
Raptive Ads <= 3.6.3 - Unauthenticated Reflected Cross-Site Scripting via 'poc' Parameter
CVSS 6.1
CVE-2024-13736
MEDIUM
Pure Chat - Live Chat & More! <= 2.4 - Unauthenticated Stored Cross-Site Scripting via purechatWidgetName Parameter
CVSS 6.1
CVE-2024-13711
MEDIUM
Pollin <= 1.01.1 - Unauthenticated Reflected Cross-Site Scripting via Question Parameter
CVSS 6.1
CVE-2024-13679
MEDIUM
Widget BUY.BOX < 3.1.5 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13674
MEDIUM
Cosmic Blocks (40+) Content Editor - XSS
CVSS 6.4
CVE-2024-13663
MEDIUM
Coaching Staffs <= 1.5.1 - Authenticated Stored Cross-Site Scripting via mstw-cs-table Shortcode
CVSS 6.4
Details
Vulnerabilities
45,297
Exploit Likelihood
High