CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,298 vulnerabilities with CWE-79
CVE-2024-11829
MEDIUM
The Plus Addons for Elementor - WooCommerce <6.1.8 - XSS
CVSS 6.4
CVE-2024-13099
MEDIUM
Widget4Call < 1.0.7 - Reflected Cross-Site Scripting
CVSS 5.4
CVE-2024-13098
MEDIUM
WordPress Email Newsletter <1.1 - XSS
CVSS 5.4
CVE-2024-13097
MEDIUM
WP Finance WordPress Plugin < 1.3.6 - Reflected Cross-Site Scripting
CVSS 5.4
CVE-2024-12768
MEDIUM
Responsive iframe < 1.2.0 - Stored Cross-Site Scripting via Block Options
CVSS 5.4
CVE-2024-13547
MEDIUM
aThemes Addons for Elementor <= 1.0.12 - Authenticated Stored Cross-Site Scripting via Image Accordion Widget
CVSS 6.4
CVE-2024-11780
MEDIUM
Site Search 360 < 2.1.6 - Authenticated Stored Cross-Site Scripting via ss360-resultblock Shortcode
CVSS 6.4
CVE-2024-49349
MEDIUM
IBM Financial Transaction Manager for Multiplatforms 3.2.4.0-3.2.4.1 - Authenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-49339
MEDIUM
IBM Financial Transaction Manager for Multiplatforms 3.2.4.0-3.2.4.1 - Authenticated Stored Cross-Site Scripting
CVSS 6.4
CVE-2024-42671
MEDIUM
slabiak Appointment Scheduler <1.0.5 - Open Redirect
CVSS 6.1
CVE-2024-49807
MEDIUM
IBM Sterling B2B Integrator 6.0.0.0-6.1.2.5 and 6.2.0.0-6.2.0.3 - Authenticated Stored Cross-Site Scripting
CVSS 6.4
CVE-2024-47116
MEDIUM
IBM Sterling B2B Integrator 6.0.0.0-6.1.2.5 and 6.2.0.0-6.2.0.3 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-47103
MEDIUM
IBM Sterling B2B Integrator 6.0.0.0-6.1.2.5 and 6.2.0.0-6.2.0.3 - Cross-Site Scripting
CVSS 4.8
CVE-2024-40696
MEDIUM
IBM Sterling B2B Integrator 6.0.0.0-6.1.2.5 and 6.2.0.0-6.2.0.3 - Stored Cross-Site Scripting
CVSS 4.8
CVE-2024-13662
MEDIUM
eHive Objects Image Grid <2.4.1 - XSS
CVSS 6.4
CVE-2024-12037
MEDIUM
Profile Form for User Profiles <= 2.8.13 - Authenticated Stored XSS via 'bf_new_submission_link'
CVSS 6.4
CVE-2024-13566
MEDIUM
WP DataTable <= 0.2.6 - Authenticated Stored Cross-Site Scripting via ID Parameter
CVSS 6.4
CVE-2024-13157
MEDIUM
MP3 Audio Player by Sonaar <= 5.9.3 - Authenticated Stored XSS via Podcast RSS Feed
CVSS 6.4
CVE-2024-13504
HIGH
Shared Files <= 1.7.42 - Unauthenticated Stored XSS via dfxp Upload
CVSS 7.2
CVE-2024-13226
MEDIUM
A5 Custom Login Page < 2.8.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13225
MEDIUM
ECT Home Page Products < 1.9 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13224
MEDIUM
SlideDeck 1 Lite Content Slider WP <1.4.8 - XSS
CVSS 6.1
CVE-2024-13223
MEDIUM
Tabulate WordPress Plugin < 2.10.3 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13222
MEDIUM
User Messages WordPress Plugin <= 1.2.4 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13221
MEDIUM
Fantastic ElasticSearch WP <4.1.0 - XSS
CVSS 6.1
Details
Vulnerabilities
45,298
Exploit Likelihood
High