CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,354 vulnerabilities with CWE-79
CVE-2024-44771 MEDIUM
BigId PrivacyPortal v179 - Cross-Site Scripting via Report Template Label Field
CVSS 6.1
CVE-2024-57488 MEDIUM
Code-Projects Online Car Rental System 1.0 - Cross-Site Scripting via vehicalorcview Parameter
CVSS 6.5
CVE-2024-12211 MEDIUM
Pega Platform 8.1-23.1.4 - Stored Cross-Site Scripting in Profile
CVSS 5.4
CVE-2024-56301 HIGH
Distance Based Shipping Calculator <= 2.0.21 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-56065 HIGH
Saleswonder.biz Team WP2LEADS <3.4.2 - XSS
CVSS 7.1
CVE-2024-12568 MEDIUM
Email Subscribers by Icegram Express < 5.7.45 - Authenticated Stored Cross-Site Scripting in Workflow Settings
CVSS 4.8
CVE-2024-12567 MEDIUM
Email Subscribers by Icegram Express < 5.7.45 - Authenticated Stored Cross-Site Scripting in Form Settings
CVSS 4.8
CVE-2024-12566 MEDIUM
Email Subscribers by Icegram Express < 5.7.45 - Authenticated Stored Cross-Site Scripting in Form Settings
CVSS 4.8
CVE-2024-11636 MEDIUM
Email Subscribers by Icegram Express <5.7.45 - XSS
CVSS 4.8
CVE-2024-49785 MEDIUM
IBM watsonx.ai 1.1-2.0.3 and watsonx.ai on Cloud Pak for Data 4.8-5.0.3 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-12527 MEDIUM
WordPress Perfect Portal Widgets <3.0.3 - XSS
CVSS 6.4
CVE-2024-12520 MEDIUM
Dominion - Domain Checker WPBakery <2.2.2 - XSS
CVSS 6.4
CVE-2024-12519 MEDIUM
TCBD Auto Refresher <= 2.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-12412 MEDIUM
WpRently <2.2.1 - XSS
CVSS 6.1
CVE-2024-12407 MEDIUM
Push Notification for Post & BuddyPress <2.06 - XSS
CVSS 6.1
CVE-2024-11892 MEDIUM
Accordion Slider Lite <= 1.5.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11874 MEDIUM
Grid Accordion Lite <= 1.5.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11758 MEDIUM
WP SPID Italia <= 2.9 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11386 MEDIUM
GatorMail SmartForms < 1.1.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-12587 MEDIUM
Contact Form Master < 1.0.7 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-12304 MEDIUM
Gutenberg Blocks with AI by Kadence WP < 3.4.3 - Authenticated Stored Cross-Site Scripting via Button Block Link
CVSS 6.4
CVE-2024-12505 MEDIUM
Trackserver plugin - WordPress <5.0.2 - XSS
CVSS 6.4
CVE-2024-11327 MEDIUM
ClickWhale - WordPress <2.4.1 - XSS
CVSS 6.1
CVE-2024-9188 HIGH
Arista ng_firewall < 17.2 - Cross-Site Scripting via Specially Constructed Queries
CVSS 8.8
CVE-2024-54998 MEDIUM
MonicaHQ v4.1.2 - Authenticated Client-Side Injection via Debts Creation Reason Parameter
CVSS 5.4
Details
Vulnerabilities 45,354
Exploit Likelihood High