CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,300 vulnerabilities with CWE-79
CVE-2024-49300 HIGH
Hero Mega Menu - Responsive WordPress Menu Plugin < 1.16.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-11226 MEDIUM
FireCask Like & Share Button <1.2 - XSS
CVSS 6.4
CVE-2024-13404 MEDIUM
Link Library plugin for WordPress <8 - XSS
CVSS 6.1
CVE-2024-8722 MEDIUM
WP All Import Pro <= 4.9.7 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 5.5
CVE-2024-13392 MEDIUM
AJAX Reviews, Votes, Star Ratings <= 1.6.3 - Authenticated Stored XSS via videowhisper_reviews Shortcode
CVSS 6.4
CVE-2024-13519 MEDIUM
MarketKing - Ultimate WooCommerce Multivendor Marketplace Solution ...
CVSS 4.4
CVE-2024-13517 MEDIUM
Easy Digital Downloads <3.3.2 - XSS
CVSS 4.4
CVE-2024-13433 MEDIUM
WordPress Utilities for MTG <1.4.1 - XSS
CVSS 6.4
CVE-2024-13393 MEDIUM
Video Share VOD - Turnkey Video Site Builder Script <2.6.31 - XSS
CVSS 6.4
CVE-2024-13391 MEDIUM
MicroPayments - Fans Paysite: Paid Creator Subscriptions, Digital A...
CVSS 6.4
CVE-2024-13385 MEDIUM
JSM Screenshot Machine Shortcode <2.3.0 - XSS
CVSS 6.4
CVE-2024-12696 MEDIUM
Picture Gallery <= 1.5.22 - Authenticated Stored XSS via videowhisper_picture_upload_guest Shortcode
CVSS 6.4
CVE-2024-9020 MEDIUM
List category posts < 0.90.3 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 5.4
CVE-2024-13516 MEDIUM
Kubio AI Page Builder <= 2.3.5 - Unauthenticated Reflected Cross-Site Scripting via Message Parameter
CVSS 6.1
CVE-2024-13515 MEDIUM
Image Source Control Lite - WordPress <2.28.0 - XSS
CVSS 6.1
CVE-2024-57033 MEDIUM
WeGIA < 3.2.0 - Cross-Site Scripting via dados_addInfo Parameter
CVSS 6.1
CVE-2024-57372 MEDIUM
InformationPush master - Cross-Site Scripting via Title, Time, and Msg Parameters
CVSS 6.1
CVE-2024-57370 MEDIUM
Sunnygkp10 Online Exam System - XSS
CVSS 6.1
CVE-2024-57030 HIGH
Wegia < 3.2.0 - Cross-Site Scripting via id Parameter
CVSS 8.1
CVE-2024-26157 MEDIUM
ETIC Telecom Remote Access Server Firmware < 4.5.0 - Reflected Cross-Site Scripting via View Parameter
CVSS 6.1
CVE-2024-26156 MEDIUM
ETIC Telecom Remote Access Server Firmware < 4.5.0 - Reflected Cross-Site Scripting via Method Parameter
CVSS 4.8
CVE-2024-26154 MEDIUM
ETIC Telecom Remote Access Server Firmware < 4.5.0 - Reflected Cross-Site Scripting in Appliance Site Name
CVSS 4.8
CVE-2024-13378 MEDIUM
Gravity Forms 2.9.0.1-2.9.1.3 - XSS
CVSS 5.4
CVE-2024-13377 HIGH
Gravity Forms <= 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via Alt Parameter
CVSS 7.2
CVE-2024-13386 MEDIUM
quote-posttype-plugin <= 1.2.2 - Authenticated Stored Cross-Site Scripting via Author Field
CVSS 6.4
Details
Vulnerabilities 45,300
Exploit Likelihood High