CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,355 vulnerabilities with CWE-79
CVE-2024-13286
MEDIUM
Drupal SVG Embed < 2.1.2 - Cross-Site Scripting
CVSS 5.4
CVE-2024-13283
MEDIUM
Facets < 2.0.9 - Cross-Site Scripting
CVSS 6.1
CVE-2024-13273
MEDIUM
Drupal Open Social <12.3.8-13.0.0-alpha11 - XSS
CVSS 5.4
CVE-2024-13262
MEDIUM
Drupal View Password < 6.0.4 - Cross-Site Scripting
CVSS 4.8
CVE-2024-13252
MEDIUM
Drupal TacJS 8.x < 8.x-6.5 - Cross-Site Scripting
CVSS 5.4
CVE-2024-13247
MEDIUM
Drupal Coffee < 8.x-1.4 - Cross-Site Scripting
CVSS 4.8
CVE-2024-13245
MEDIUM
Drupal CKEditor 4 LTS-1.0.0.1.0.1 - XSS
CVSS 5.4
CVE-2024-13238
MEDIUM
Typogrify < 8.x-1.3 - Cross-Site Scripting
CVSS 5.4
CVE-2024-13237
MEDIUM
Drupal File Entity 7.x-2.0-7.x-2.37 - Cross-Site Scripting
CVSS 5.4
CVE-2024-6155
MEDIUM
Greenshift < 9.0.1 - Authenticated SSRF & Stored XSS via SVG Upload
CVSS 6.4
CVE-2024-12819
MEDIUM
Searchie <= 1.17.0 - Authenticated Stored Cross-Site Scripting via sio_embed_media Shortcode
CVSS 6.4
CVE-2024-12621
MEDIUM
Yumpu E-Paper publishing <= 3.0.8 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-12515
MEDIUM
Muslim Prayer Time-Salah/Iqamah <1.8.8 - XSS
CVSS 6.4
CVE-2024-12514
MEDIUM
3DVieweronline <= 2.2.2 - Authenticated Stored Cross-Site Scripting via '3Dvo-model' Shortcode
CVSS 6.4
CVE-2024-12496
MEDIUM
Linear < 2.7.12 - Authenticated Stored Cross-Site Scripting via linear_block_buy_commissions Shortcode
CVSS 6.4
CVE-2024-12493
MEDIUM
Files Download Delay <= 1.0.9 - Authenticated Stored Cross-Site Scripting via fddwrap Shortcode
CVSS 6.4
CVE-2024-12491
MEDIUM
SimplyRETS Real Estate IDX <2.11.2 - XSS
CVSS 6.4
CVE-2024-12394
MEDIUM
Action Network plugin - WordPress <1.4.4 - CSRF
CVSS 6.1
CVE-2024-12285
MEDIUM
SEMA API plugin - WordPress <5.27 - XSS
CVSS 6.1
CVE-2024-12222
MEDIUM
Deliver via Shipos for WooCommerce <2.1.7 - XSS
CVSS 6.1
CVE-2024-12122
MEDIUM
ResAds <= 2.0.6 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters
CVSS 6.1
CVE-2024-11907
MEDIUM
WordPress Skyword API Plugin <= 2.5.2 - XSS
CVSS 6.4
CVE-2024-11815
MEDIUM
Shipping with WooCommerce <= 1.3.1 - Unauthenticated Reflected XSS via printed_marked and nonprinted_marked Parameters
CVSS 6.1
CVE-2024-11686
MEDIUM
WhatsApp click to chat <= 3.0.4 - Unauthenticated Reflected Cross-Site Scripting via manycontacts_code Parameter
CVSS 6.1
CVE-2024-11328
MEDIUM
CLUEVO LMS - WordPress <1.13.2 - XSS
CVSS 6.1
Details
Vulnerabilities
45,355
Exploit Likelihood
High