CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,364 vulnerabilities with CWE-79
CVE-2024-12491 MEDIUM
SimplyRETS Real Estate IDX <2.11.2 - XSS
CVSS 6.4
CVE-2024-12394 MEDIUM
Action Network plugin - WordPress <1.4.4 - CSRF
CVSS 6.1
CVE-2024-12285 MEDIUM
SEMA API plugin - WordPress <5.27 - XSS
CVSS 6.1
CVE-2024-12222 MEDIUM
Deliver via Shipos for WooCommerce <2.1.7 - XSS
CVSS 6.1
CVE-2024-12122 MEDIUM
ResAds <= 2.0.6 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters
CVSS 6.1
CVE-2024-11907 MEDIUM
WordPress Skyword API Plugin <= 2.5.2 - XSS
CVSS 6.4
CVE-2024-11815 MEDIUM
Shipping with WooCommerce <= 1.3.1 - Unauthenticated Reflected XSS via printed_marked and nonprinted_marked Parameters
CVSS 6.1
CVE-2024-11686 MEDIUM
WhatsApp click to chat <= 3.0.4 - Unauthenticated Reflected Cross-Site Scripting via manycontacts_code Parameter
CVSS 6.1
CVE-2024-11328 MEDIUM
CLUEVO LMS - WordPress <1.13.2 - XSS
CVSS 6.1
CVE-2024-13153 MEDIUM
Unlimited Elements For Elementor <1.5.135 - XSS
CVSS 6.4
CVE-2024-12736 MEDIUM
BU Section Editing < 0.9.9 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-12731 MEDIUM
Aklamator INfeed < 2.0.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-12717 MEDIUM
Aklamator INfeed < 2.0.0 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-12715 MEDIUM
Asgard Security Scanner < 0.7 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-12714 MEDIUM
Backlink Monitoring Manager < 0.1.3 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-10815 MEDIUM
PostLists < 2.0.2 - Reflected Cross-Site Scripting via REQUEST_URI Parameter
CVSS 4.2
CVE-2024-13213 LOW
SingMR HouseRent 1.0 - Cross-Site Scripting via /toAdminUpdateHousePage hID Parameter
CVSS 3.5
CVE-2024-13209 LOW
Redaxo CMS 5.18.1 - Cross-Site Scripting via Article Name Parameter
CVSS 2.4
CVE-2024-13205 LOW
kurniaramadhan E-Commerce-PHP 1.0 - Stored Cross-Site Scripting via Create Product Page Name Parameter
CVSS 2.4
CVE-2024-13202 LOW
wander-chu SpringBoot-Blog 1.0 - XSS
CVSS 2.4
CVE-2024-13199 LOW
Langhsu Mblog Blog System 3.5.0 - XSS
CVSS 3.5
CVE-2024-13197 LOW
donglight bookstore 1.0.0 - Cross-Site Scripting in AdminUserController updateUser Function
CVSS 3.5
CVE-2024-13196 LOW
donglight bookstore 1.0.0 - Cross-Site Scripting via BookSearchList Keywords Parameter
CVSS 3.5
CVE-2024-13192 LOW
ZeroWdd myblog 1.0 - Cross-Site Scripting in BlogController Update Function
CVSS 3.5
CVE-2024-12337 MEDIUM
Shipping via Planzer for WooCommerce <1.0.25 - XSS
CVSS 6.1
Details
Vulnerabilities 45,364
Exploit Likelihood High