CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,298 vulnerabilities with CWE-79
CVE-2024-56463 MEDIUM
IBM QRadar SIEM 7.5 - Stored Cross-Site Scripting via Web UI
CVSS 4.8
CVE-2024-13735 MEDIUM
HurryTimer < 2.11.2 - Authenticated Stored Cross-Site Scripting via Campaign Name
CVSS 6.4
CVE-2024-9601 MEDIUM
Qubely <= 1.8.12 - Authenticated Stored XSS via Align/UniqueID
CVSS 6.5
CVE-2024-7052 MEDIUM
Forminator Forms < 1.38.3 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-13493 MEDIUM
Sensly Online Presence < 0.6 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-54951 MEDIUM
Monica 4.1.2 - Stored Cross-Site Scripting via 'HOW YOU MET' Customization
CVSS 5.4
CVE-2024-13867 MEDIUM
Listivo - Classified Ads WordPress Theme <= 2.3.67 - Reflected Cross-Site Scripting via 's' Parameter
CVSS 6.1
CVE-2024-13125 LOW
Everest Forms < 3.0.8.1 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 3.5
CVE-2024-13121 LOW
WordPress Paid Membership Plugin <4.15.20 - XSS
CVSS 3.5
CVE-2024-13120 MEDIUM
WordPress Paid Membership Plugin <4.15.20 - XSS
CVSS 4.8
CVE-2024-13119 MEDIUM
WordPress Paid Membership Plugin <4.15.20 - XSS
CVSS 4.8
CVE-2024-12586 MEDIUM
Chalet-Montagne.com Tools < 2.7.8 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13227 MEDIUM
Rank Math SEO - AI SEO Tools <1.0.235 - XSS
CVSS 6.4
CVE-2024-13644 MEDIUM
DethemeKit For Elementor <= 2.1.8 - Authenticated Stored Cross-Site Scripting via De Gallery Widget
CVSS 6.4
CVE-2024-57605 MEDIUM
Fuel CMS 1.5.2 - Cross-Site Scripting via /fuel/blocks/ and /fuel/pages Components
CVSS 5.4
CVE-2024-57601 MEDIUM
EasyAppointments 1.5.0 - Cross-Site Scripting via Legal Settings Parameter
CVSS 6.1
CVE-2024-56939 MEDIUM
LearnDash 6.7.1 - Stored Cross-Site Scripting in ld-comment-body Class
CVSS 5.4
CVE-2024-56938 MEDIUM
LearnDash 6.7.1 - Stored Cross-Site Scripting in Materials-Content Class
CVSS 5.4
CVE-2024-51122 MEDIUM
Zertificon Z1 SecureMail <3.16.4-2516-debian12 - XSS
CVSS 6.1
CVE-2024-54160 MEDIUM
dashboards-reporting <2.19.0.0 - XSS
CVSS 6.4
CVE-2024-10322 MEDIUM
Brizy < 2.6.9 - Authenticated Stored Cross-Site Scripting via REST API SVG File Upload
CVSS 6.4
CVE-2024-13459 MEDIUM
FuseDesk < 6.6.1 - Authenticated Stored Cross-Site Scripting via fusedesk_newcase Shortcode
CVSS 6.4
CVE-2024-13456 MEDIUM
Easy Quiz Maker < 2.0 - Authenticated Stored Cross-Site Scripting via wqt-question Shortcode
CVSS 6.4
CVE-2024-13769 MEDIUM
Puzzles < 4.2.5 - Authenticated Stored Cross-Site Scripting via theme_options_ajax_post_action
CVSS 6.4
CVE-2024-13665 MEDIUM
Admire Extra <= 1.6 - Authenticated Stored Cross-Site Scripting via Space Shortcode
CVSS 6.4
Details
Vulnerabilities 45,298
Exploit Likelihood High