CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,298 vulnerabilities with CWE-79
CVE-2024-11623 MEDIUM
authentik < 2024.10.4 - Authenticated Stored Cross-Site Scripting via SVG Icon Upload
CVSS 4.8
CVE-2024-13699 MEDIUM
Qi Addons For Elementor <= 1.8.7 - Authenticated Stored Cross-Site Scripting via Cursor Parameter
CVSS 6.4
CVE-2024-13733 MEDIUM
SKT Blocks < 1.8 - Authenticated Stored Cross-Site Scripting via Post Carousel Block
CVSS 6.4
CVE-2024-13403 MEDIUM
WPForms < 1.9.3.2 - Authenticated Stored Cross-Site Scripting via fieldHTML Parameter
CVSS 6.4
CVE-2024-12597 MEDIUM
HT Mega < 2.7.7 - Authenticated Stored Cross-Site Scripting via block_css and inner_css Parameters
CVSS 6.4
CVE-2024-13332 MEDIUM
TransFinanz WordPress Plugin <= 1.0.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13331 MEDIUM
WP Dream Carousel < 1.0.1b - Reflected Cross-Site Scripting via Unsanitized Parameter
CVSS 6.1
CVE-2024-13330 HIGH
JustRows free WordPress plugin < 0.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13329 HIGH
Solidres < 0.9.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13328 MEDIUM
Giga Messenger < 2.3.1 - Reflected Cross-Site Scripting via Unsanitized Parameter
CVSS 6.1
CVE-2024-13327 MEDIUM
Musicbox < 2.0.3 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13326 MEDIUM
ibuildapp < 0.2.0 - Reflected Cross-Site Scripting via Unsanitized Parameter
CVSS 6.1
CVE-2024-13325 MEDIUM
Glossy < 2.3.5 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13114 MEDIUM
WP Projects Portfolio with Client Testimonials < 3.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-44449 MEDIUM
Quorum onQ OS 6.0.0.5.2064 - Cross-Site Scripting via Login Page msg Parameter
CVSS 6.1
CVE-2024-57498 MEDIUM
ForestBlog 20241223 - Cross-Site Scripting via Article Editing Function
CVSS 4.8
CVE-2024-57097 MEDIUM
ClassCMS 4.8 - Cross-Site Scripting in channel.php
CVSS 4.8
CVE-2024-11132 MEDIUM
Eventer WordPress Plugin <= 3.9.9.4 - Authenticated Stored XSS via Shortcode
CVSS 6.4
CVE-2024-57237 MEDIUM
Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 - XSS
CVSS 6.3
CVE-2024-50656 MEDIUM
itsourcecode Placement Management System 1.0 - Stored Cross-Site Scripting via Registration Full Name Field
CVSS 6.1
CVE-2024-57175 MEDIUM
PHPGURUKUL Online Birth Certificate System 1.0 - Stored Cross-Site Scripting via Profile Name
CVSS 5.4
CVE-2024-53943 MEDIUM
NRadio N8-180 NROS-1.9.2.n3.c5 - XSS
CVSS 6.1
CVE-2024-57522 MEDIUM
SourceCodester Packers and Movers Management System 1.0 - Stored Cross-Site Scripting in Users.php
CVSS 6.4
CVE-2024-13347 MEDIUM
Essential WP Real Estate <1.1.3 - XSS
CVSS 6.8
CVE-2024-13612 MEDIUM
Better Messages < 2.6.9 - Authenticated Stored Cross-Site Scripting via Live Chat Button Shortcode
CVSS 6.4
Details
Vulnerabilities 45,298
Exploit Likelihood High