CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,354 vulnerabilities with CWE-79
CVE-2024-44771
MEDIUM
BigId PrivacyPortal v179 - Cross-Site Scripting via Report Template Label Field
CVSS 6.1
CVE-2024-57488
MEDIUM
Code-Projects Online Car Rental System 1.0 - Cross-Site Scripting via vehicalorcview Parameter
CVSS 6.5
CVE-2024-12211
MEDIUM
Pega Platform 8.1-23.1.4 - Stored Cross-Site Scripting in Profile
CVSS 5.4
CVE-2024-56301
HIGH
Distance Based Shipping Calculator <= 2.0.21 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-56065
HIGH
Saleswonder.biz Team WP2LEADS <3.4.2 - XSS
CVSS 7.1
CVE-2024-12568
MEDIUM
Email Subscribers by Icegram Express < 5.7.45 - Authenticated Stored Cross-Site Scripting in Workflow Settings
CVSS 4.8
CVE-2024-12567
MEDIUM
Email Subscribers by Icegram Express < 5.7.45 - Authenticated Stored Cross-Site Scripting in Form Settings
CVSS 4.8
CVE-2024-12566
MEDIUM
Email Subscribers by Icegram Express < 5.7.45 - Authenticated Stored Cross-Site Scripting in Form Settings
CVSS 4.8
CVE-2024-11636
MEDIUM
Email Subscribers by Icegram Express <5.7.45 - XSS
CVSS 4.8
CVE-2024-49785
MEDIUM
IBM watsonx.ai 1.1-2.0.3 and watsonx.ai on Cloud Pak for Data 4.8-5.0.3 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-12527
MEDIUM
WordPress Perfect Portal Widgets <3.0.3 - XSS
CVSS 6.4
CVE-2024-12520
MEDIUM
Dominion - Domain Checker WPBakery <2.2.2 - XSS
CVSS 6.4
CVE-2024-12519
MEDIUM
TCBD Auto Refresher <= 2.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-12412
MEDIUM
WpRently <2.2.1 - XSS
CVSS 6.1
CVE-2024-12407
MEDIUM
Push Notification for Post & BuddyPress <2.06 - XSS
CVSS 6.1
CVE-2024-11892
MEDIUM
Accordion Slider Lite <= 1.5.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11874
MEDIUM
Grid Accordion Lite <= 1.5.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11758
MEDIUM
WP SPID Italia <= 2.9 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11386
MEDIUM
GatorMail SmartForms < 1.1.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-12587
MEDIUM
Contact Form Master < 1.0.7 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-12304
MEDIUM
Gutenberg Blocks with AI by Kadence WP < 3.4.3 - Authenticated Stored Cross-Site Scripting via Button Block Link
CVSS 6.4
CVE-2024-12505
MEDIUM
Trackserver plugin - WordPress <5.0.2 - XSS
CVSS 6.4
CVE-2024-11327
MEDIUM
ClickWhale - WordPress <2.4.1 - XSS
CVSS 6.1
CVE-2024-9188
HIGH
Arista ng_firewall < 17.2 - Cross-Site Scripting via Specially Constructed Queries
CVSS 8.8
CVE-2024-54998
MEDIUM
MonicaHQ v4.1.2 - Authenticated Client-Side Injection via Debts Creation Reason Parameter
CVSS 5.4
Details
Vulnerabilities
45,354
Exploit Likelihood
High