CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,298 vulnerabilities with CWE-79
CVE-2024-11829 MEDIUM
The Plus Addons for Elementor - WooCommerce <6.1.8 - XSS
CVSS 6.4
CVE-2024-13099 MEDIUM
Widget4Call < 1.0.7 - Reflected Cross-Site Scripting
CVSS 5.4
CVE-2024-13098 MEDIUM
WordPress Email Newsletter <1.1 - XSS
CVSS 5.4
CVE-2024-13097 MEDIUM
WP Finance WordPress Plugin < 1.3.6 - Reflected Cross-Site Scripting
CVSS 5.4
CVE-2024-12768 MEDIUM
Responsive iframe < 1.2.0 - Stored Cross-Site Scripting via Block Options
CVSS 5.4
CVE-2024-13547 MEDIUM
aThemes Addons for Elementor <= 1.0.12 - Authenticated Stored Cross-Site Scripting via Image Accordion Widget
CVSS 6.4
CVE-2024-11780 MEDIUM
Site Search 360 < 2.1.6 - Authenticated Stored Cross-Site Scripting via ss360-resultblock Shortcode
CVSS 6.4
CVE-2024-49349 MEDIUM
IBM Financial Transaction Manager for Multiplatforms 3.2.4.0-3.2.4.1 - Authenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-49339 MEDIUM
IBM Financial Transaction Manager for Multiplatforms 3.2.4.0-3.2.4.1 - Authenticated Stored Cross-Site Scripting
CVSS 6.4
CVE-2024-42671 MEDIUM
slabiak Appointment Scheduler <1.0.5 - Open Redirect
CVSS 6.1
CVE-2024-49807 MEDIUM
IBM Sterling B2B Integrator 6.0.0.0-6.1.2.5 and 6.2.0.0-6.2.0.3 - Authenticated Stored Cross-Site Scripting
CVSS 6.4
CVE-2024-47116 MEDIUM
IBM Sterling B2B Integrator 6.0.0.0-6.1.2.5 and 6.2.0.0-6.2.0.3 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-47103 MEDIUM
IBM Sterling B2B Integrator 6.0.0.0-6.1.2.5 and 6.2.0.0-6.2.0.3 - Cross-Site Scripting
CVSS 4.8
CVE-2024-40696 MEDIUM
IBM Sterling B2B Integrator 6.0.0.0-6.1.2.5 and 6.2.0.0-6.2.0.3 - Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-13662 MEDIUM
eHive Objects Image Grid <2.4.1 - XSS
CVSS 6.4
CVE-2024-12037 MEDIUM
Profile Form for User Profiles <= 2.8.13 - Authenticated Stored XSS via 'bf_new_submission_link'
CVSS 6.4
CVE-2024-13566 MEDIUM
WP DataTable <= 0.2.6 - Authenticated Stored Cross-Site Scripting via ID Parameter
CVSS 6.4
CVE-2024-13157 MEDIUM
MP3 Audio Player by Sonaar <= 5.9.3 - Authenticated Stored XSS via Podcast RSS Feed
CVSS 6.4
CVE-2024-13504 HIGH
Shared Files <= 1.7.42 - Unauthenticated Stored XSS via dfxp Upload
CVSS 7.2
CVE-2024-13226 MEDIUM
A5 Custom Login Page < 2.8.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13225 MEDIUM
ECT Home Page Products < 1.9 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13224 MEDIUM
SlideDeck 1 Lite Content Slider WP <1.4.8 - XSS
CVSS 6.1
CVE-2024-13223 MEDIUM
Tabulate WordPress Plugin < 2.10.3 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13222 MEDIUM
User Messages WordPress Plugin <= 1.2.4 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13221 MEDIUM
Fantastic ElasticSearch WP <4.1.0 - XSS
CVSS 6.1
Details
Vulnerabilities 45,298
Exploit Likelihood High