CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,297 vulnerabilities with CWE-79
CVE-2024-12452 MEDIUM
Ziggeo < 3.1.1 - Authenticated Stored Cross-Site Scripting via ziggeo_event Shortcode
CVSS 6.4
CVE-2024-13585 LOW
Ajax Search Lite < 4.12.5 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 3.5
CVE-2024-13314 LOW
Carousel, Slider, Gallery by WP Carousel < 2.7.4 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 3.5
CVE-2024-13751 MEDIUM
3D Photo Gallery <= 1.3 - Authenticated Stored Cross-Site Scripting via des[] Parameter
CVSS 6.4
CVE-2024-13672 MEDIUM
Mini Course Generator < 1.0.5 - Authenticated Stored Cross-Site Scripting via 'mcg' Shortcode
CVSS 6.4
CVE-2024-13388 MEDIUM
TCBD Tooltip <= 1.0 - Authenticated Stored Cross-Site Scripting via tcbdtooltip_text Shortcode
CVSS 6.4
CVE-2024-13379 MEDIUM
C9 Admin Dashboard <= 1.3.5 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-54959 MEDIUM
Nagios XI 2024R1.2.2 - Cross-Site Request Forgery and Cross-Site Scripting via Favorites Component
CVSS 6.1
CVE-2024-54958 MEDIUM
Nagios XI 2024R1.2.2 - Stored Cross-Site Scripting in Tools Page
CVSS 6.1
CVE-2024-49337 MEDIUM
IBM OpenPages with Watson 8.3-8.3.0.2 - Authenticated HTML Injection in Workflow Email Notifications
CVSS 5.4
CVE-2024-6432 MEDIUM
Content Blocks (Custom Post Widget) <3.3.5 - XSS
CVSS 6.4
CVE-2024-13849 MEDIUM
Cookie Notice Bar <= 1.3.0 - Authenticated Stored Cross-Site Scripting
CVSS 5.5
CVE-2024-13802 MEDIUM
Bandsintown Events <= 1.3.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13748 MEDIUM
Ultimate Classified Listings <= 1.4 - Authenticated Stored Cross-Site Scripting via Title Parameter
CVSS 4.4
CVE-2024-13155 MEDIUM
Unlimited Elements For Elementor <1.5.140 - XSS
CVSS 6.4
CVE-2024-13445 MEDIUM
Elementor Website Builder <3.27.4 - XSS
CVSS 6.4
CVE-2024-37360 MEDIUM
Hitachi Vantara Pentaho <10.2.0.0-9.3.0.9 - XSS
CVSS 4.4
CVE-2024-53974 MEDIUM
Adobe Experience Manager <6.5.21 - XSS
CVSS 5.4
CVE-2024-28776 MEDIUM
IBM Cognos Controller 11.0.0-11.0.1 FP3 and IBM Controller 11.1.0 - Cross-Site Scripting
CVSS 5.4
CVE-2024-13363 MEDIUM
Raptive Ads <= 3.6.3 - Unauthenticated Reflected Cross-Site Scripting via 'poc' Parameter
CVSS 6.1
CVE-2024-13736 MEDIUM
Pure Chat - Live Chat & More! <= 2.4 - Unauthenticated Stored Cross-Site Scripting via purechatWidgetName Parameter
CVSS 6.1
CVE-2024-13711 MEDIUM
Pollin <= 1.01.1 - Unauthenticated Reflected Cross-Site Scripting via Question Parameter
CVSS 6.1
CVE-2024-13679 MEDIUM
Widget BUY.BOX < 3.1.5 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13674 MEDIUM
Cosmic Blocks (40+) Content Editor - XSS
CVSS 6.4
CVE-2024-13663 MEDIUM
Coaching Staffs <= 1.5.1 - Authenticated Stored Cross-Site Scripting via mstw-cs-table Shortcode
CVSS 6.4
Details
Vulnerabilities 45,297
Exploit Likelihood High