CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,298 vulnerabilities with CWE-79
CVE-2024-56463
MEDIUM
IBM QRadar SIEM 7.5 - Stored Cross-Site Scripting via Web UI
CVSS 4.8
CVE-2024-13735
MEDIUM
HurryTimer < 2.11.2 - Authenticated Stored Cross-Site Scripting via Campaign Name
CVSS 6.4
CVE-2024-9601
MEDIUM
Qubely <= 1.8.12 - Authenticated Stored XSS via Align/UniqueID
CVSS 6.5
CVE-2024-7052
MEDIUM
Forminator Forms < 1.38.3 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-13493
MEDIUM
Sensly Online Presence < 0.6 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-54951
MEDIUM
Monica 4.1.2 - Stored Cross-Site Scripting via 'HOW YOU MET' Customization
CVSS 5.4
CVE-2024-13867
MEDIUM
Listivo - Classified Ads WordPress Theme <= 2.3.67 - Reflected Cross-Site Scripting via 's' Parameter
CVSS 6.1
CVE-2024-13125
LOW
Everest Forms < 3.0.8.1 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 3.5
CVE-2024-13121
LOW
WordPress Paid Membership Plugin <4.15.20 - XSS
CVSS 3.5
CVE-2024-13120
MEDIUM
WordPress Paid Membership Plugin <4.15.20 - XSS
CVSS 4.8
CVE-2024-13119
MEDIUM
WordPress Paid Membership Plugin <4.15.20 - XSS
CVSS 4.8
CVE-2024-12586
MEDIUM
Chalet-Montagne.com Tools < 2.7.8 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13227
MEDIUM
Rank Math SEO - AI SEO Tools <1.0.235 - XSS
CVSS 6.4
CVE-2024-13644
MEDIUM
DethemeKit For Elementor <= 2.1.8 - Authenticated Stored Cross-Site Scripting via De Gallery Widget
CVSS 6.4
CVE-2024-57605
MEDIUM
Fuel CMS 1.5.2 - Cross-Site Scripting via /fuel/blocks/ and /fuel/pages Components
CVSS 5.4
CVE-2024-57601
MEDIUM
EasyAppointments 1.5.0 - Cross-Site Scripting via Legal Settings Parameter
CVSS 6.1
CVE-2024-56939
MEDIUM
LearnDash 6.7.1 - Stored Cross-Site Scripting in ld-comment-body Class
CVSS 5.4
CVE-2024-56938
MEDIUM
LearnDash 6.7.1 - Stored Cross-Site Scripting in Materials-Content Class
CVSS 5.4
CVE-2024-51122
MEDIUM
Zertificon Z1 SecureMail <3.16.4-2516-debian12 - XSS
CVSS 6.1
CVE-2024-54160
MEDIUM
dashboards-reporting <2.19.0.0 - XSS
CVSS 6.4
CVE-2024-10322
MEDIUM
Brizy < 2.6.9 - Authenticated Stored Cross-Site Scripting via REST API SVG File Upload
CVSS 6.4
CVE-2024-13459
MEDIUM
FuseDesk < 6.6.1 - Authenticated Stored Cross-Site Scripting via fusedesk_newcase Shortcode
CVSS 6.4
CVE-2024-13456
MEDIUM
Easy Quiz Maker < 2.0 - Authenticated Stored Cross-Site Scripting via wqt-question Shortcode
CVSS 6.4
CVE-2024-13769
MEDIUM
Puzzles < 4.2.5 - Authenticated Stored Cross-Site Scripting via theme_options_ajax_post_action
CVSS 6.4
CVE-2024-13665
MEDIUM
Admire Extra <= 1.6 - Authenticated Stored Cross-Site Scripting via Space Shortcode
CVSS 6.4
Details
Vulnerabilities
45,298
Exploit Likelihood
High