CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,298 vulnerabilities with CWE-79
CVE-2024-11623
MEDIUM
authentik < 2024.10.4 - Authenticated Stored Cross-Site Scripting via SVG Icon Upload
CVSS 4.8
CVE-2024-13699
MEDIUM
Qi Addons For Elementor <= 1.8.7 - Authenticated Stored Cross-Site Scripting via Cursor Parameter
CVSS 6.4
CVE-2024-13733
MEDIUM
SKT Blocks < 1.8 - Authenticated Stored Cross-Site Scripting via Post Carousel Block
CVSS 6.4
CVE-2024-13403
MEDIUM
WPForms < 1.9.3.2 - Authenticated Stored Cross-Site Scripting via fieldHTML Parameter
CVSS 6.4
CVE-2024-12597
MEDIUM
HT Mega < 2.7.7 - Authenticated Stored Cross-Site Scripting via block_css and inner_css Parameters
CVSS 6.4
CVE-2024-13332
MEDIUM
TransFinanz WordPress Plugin <= 1.0.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13331
MEDIUM
WP Dream Carousel < 1.0.1b - Reflected Cross-Site Scripting via Unsanitized Parameter
CVSS 6.1
CVE-2024-13330
HIGH
JustRows free WordPress plugin < 0.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13329
HIGH
Solidres < 0.9.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13328
MEDIUM
Giga Messenger < 2.3.1 - Reflected Cross-Site Scripting via Unsanitized Parameter
CVSS 6.1
CVE-2024-13327
MEDIUM
Musicbox < 2.0.3 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13326
MEDIUM
ibuildapp < 0.2.0 - Reflected Cross-Site Scripting via Unsanitized Parameter
CVSS 6.1
CVE-2024-13325
MEDIUM
Glossy < 2.3.5 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13114
MEDIUM
WP Projects Portfolio with Client Testimonials < 3.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-44449
MEDIUM
Quorum onQ OS 6.0.0.5.2064 - Cross-Site Scripting via Login Page msg Parameter
CVSS 6.1
CVE-2024-57498
MEDIUM
ForestBlog 20241223 - Cross-Site Scripting via Article Editing Function
CVSS 4.8
CVE-2024-57097
MEDIUM
ClassCMS 4.8 - Cross-Site Scripting in channel.php
CVSS 4.8
CVE-2024-11132
MEDIUM
Eventer WordPress Plugin <= 3.9.9.4 - Authenticated Stored XSS via Shortcode
CVSS 6.4
CVE-2024-57237
MEDIUM
Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 - XSS
CVSS 6.3
CVE-2024-50656
MEDIUM
itsourcecode Placement Management System 1.0 - Stored Cross-Site Scripting via Registration Full Name Field
CVSS 6.1
CVE-2024-57175
MEDIUM
PHPGURUKUL Online Birth Certificate System 1.0 - Stored Cross-Site Scripting via Profile Name
CVSS 5.4
CVE-2024-53943
MEDIUM
NRadio N8-180 NROS-1.9.2.n3.c5 - XSS
CVSS 6.1
CVE-2024-57522
MEDIUM
SourceCodester Packers and Movers Management System 1.0 - Stored Cross-Site Scripting in Users.php
CVSS 6.4
CVE-2024-13347
MEDIUM
Essential WP Real Estate <1.1.3 - XSS
CVSS 6.8
CVE-2024-13612
MEDIUM
Better Messages < 2.6.9 - Authenticated Stored Cross-Site Scripting via Live Chat Button Shortcode
CVSS 6.4
Details
Vulnerabilities
45,298
Exploit Likelihood
High