CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,355 vulnerabilities with CWE-79
CVE-2024-13286 MEDIUM
Drupal SVG Embed < 2.1.2 - Cross-Site Scripting
CVSS 5.4
CVE-2024-13283 MEDIUM
Facets < 2.0.9 - Cross-Site Scripting
CVSS 6.1
CVE-2024-13273 MEDIUM
Drupal Open Social <12.3.8-13.0.0-alpha11 - XSS
CVSS 5.4
CVE-2024-13262 MEDIUM
Drupal View Password < 6.0.4 - Cross-Site Scripting
CVSS 4.8
CVE-2024-13252 MEDIUM
Drupal TacJS 8.x < 8.x-6.5 - Cross-Site Scripting
CVSS 5.4
CVE-2024-13247 MEDIUM
Drupal Coffee < 8.x-1.4 - Cross-Site Scripting
CVSS 4.8
CVE-2024-13245 MEDIUM
Drupal CKEditor 4 LTS-1.0.0.1.0.1 - XSS
CVSS 5.4
CVE-2024-13238 MEDIUM
Typogrify < 8.x-1.3 - Cross-Site Scripting
CVSS 5.4
CVE-2024-13237 MEDIUM
Drupal File Entity 7.x-2.0-7.x-2.37 - Cross-Site Scripting
CVSS 5.4
CVE-2024-6155 MEDIUM
Greenshift < 9.0.1 - Authenticated SSRF & Stored XSS via SVG Upload
CVSS 6.4
CVE-2024-12819 MEDIUM
Searchie <= 1.17.0 - Authenticated Stored Cross-Site Scripting via sio_embed_media Shortcode
CVSS 6.4
CVE-2024-12621 MEDIUM
Yumpu E-Paper publishing <= 3.0.8 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-12515 MEDIUM
Muslim Prayer Time-Salah/Iqamah <1.8.8 - XSS
CVSS 6.4
CVE-2024-12514 MEDIUM
3DVieweronline <= 2.2.2 - Authenticated Stored Cross-Site Scripting via '3Dvo-model' Shortcode
CVSS 6.4
CVE-2024-12496 MEDIUM
Linear < 2.7.12 - Authenticated Stored Cross-Site Scripting via linear_block_buy_commissions Shortcode
CVSS 6.4
CVE-2024-12493 MEDIUM
Files Download Delay <= 1.0.9 - Authenticated Stored Cross-Site Scripting via fddwrap Shortcode
CVSS 6.4
CVE-2024-12491 MEDIUM
SimplyRETS Real Estate IDX <2.11.2 - XSS
CVSS 6.4
CVE-2024-12394 MEDIUM
Action Network plugin - WordPress <1.4.4 - CSRF
CVSS 6.1
CVE-2024-12285 MEDIUM
SEMA API plugin - WordPress <5.27 - XSS
CVSS 6.1
CVE-2024-12222 MEDIUM
Deliver via Shipos for WooCommerce <2.1.7 - XSS
CVSS 6.1
CVE-2024-12122 MEDIUM
ResAds <= 2.0.6 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters
CVSS 6.1
CVE-2024-11907 MEDIUM
WordPress Skyword API Plugin <= 2.5.2 - XSS
CVSS 6.4
CVE-2024-11815 MEDIUM
Shipping with WooCommerce <= 1.3.1 - Unauthenticated Reflected XSS via printed_marked and nonprinted_marked Parameters
CVSS 6.1
CVE-2024-11686 MEDIUM
WhatsApp click to chat <= 3.0.4 - Unauthenticated Reflected Cross-Site Scripting via manycontacts_code Parameter
CVSS 6.1
CVE-2024-11328 MEDIUM
CLUEVO LMS - WordPress <1.13.2 - XSS
CVSS 6.1
Details
Vulnerabilities 45,355
Exploit Likelihood High