CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,364 vulnerabilities with CWE-79
CVE-2024-11830
MEDIUM
Flipbook PDF Viewer < 2.3.52 - Authenticated Stored XSS via Outline Settings
CVSS 6.4
CVE-2024-12328
MEDIUM
MAS Elementor < 1.1.7 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-12045
MEDIUM
Essential Blocks < 5.0.9 - Authenticated Stored Cross-Site Scripting via Google Maps Block Marker Title
CVSS 4.4
CVE-2024-8002
MEDIUM
VIWIS LMS 9.11 - Cross-Site Scripting via File Upload Filename
CVSS 4.3
CVE-2024-12852
MEDIUM
Happy Addons for Elementor <= 3.15.1 - Authenticated Stored XSS via 'ha_cmc_text' Parameter
CVSS 6.4
CVE-2024-12851
MEDIUM
Element Pack Elementor Addons < 5.10.14 - Authenticated Stored XSS via Cookie Consent Widget
CVSS 6.4
CVE-2024-12585
MEDIUM
Property Hive < 2.1.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-10151
MEDIUM
Auto iFrame < 2.0 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 5.4
CVE-2024-12205
MEDIUM
Themesflat Addons For Elementor < 2.2.4 - Authenticated Stored Cross-Site Scripting via TF E Slider Widget
CVSS 6.4
CVE-2024-12521
MEDIUM
Slotti Ajanvaraus <= 1.3.1 - Authenticated Stored Cross-Site Scripting via 'slotti-embed-ga' Shortcode
CVSS 6.4
CVE-2024-12112
MEDIUM
Easy Form Builder - WordPress <3.8.8 - XSS
CVSS 6.4
CVE-2024-11916
HIGH
WP Extended <3.0.11 - Info Disclosure
CVSS 7.4
CVE-2024-55218
MEDIUM
IceWarp Server 10.2.1 - Cross-Site Scripting via Meta Parameter
CVSS 6.1
CVE-2024-50659
MEDIUM
iPublish Media Solutions AdPortal 3.0.39 - Cross-Site Scripting via shippingAsBilling Parameter
CVSS 6.1
CVE-2024-40748
HIGH
Joomla! 3.9.0 through 3.10.20 and 4.0.0 through 4.4.10 - Cross-Site Scripting
CVSS 7.5
CVE-2024-40747
MEDIUM
Joomla! 4.0.0-4.4.9 - Cross-Site Scripting in Module Chromes
CVSS 6.1
CVE-2024-56056
HIGH
SimpleCharm <= 1.4.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-12738
MEDIUM
User Profile Builder < 3.12.9 - Unauthenticated Stored Cross-Site Scripting via User Meta Parameters
CVSS 6.1
CVE-2024-11826
MEDIUM
Quill Forms < 3.10.0 - Authenticated Stored Cross-Site Scripting via quillforms-popup Shortcode
CVSS 6.4
CVE-2024-56299
HIGH
Pektsekye Notify Odoo <= 1.0.0 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2024-56298
MEDIUM
5 Star Plugins Pretty Simple Popup Builder <1.0.9 - XSS
CVSS 5.9
CVE-2024-56297
MEDIUM
Highlight <= 2.0.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-56296
HIGH
Mang Board WP <= 1.8.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-56293
MEDIUM
nasirahmed Advanced Form Integration <1.95.0 - XSS
CVSS 5.9
CVE-2024-56292
MEDIUM
wpdevelop oplugins Email Reminders <2.0.5 - XSS
CVSS 5.9
Details
Vulnerabilities
45,364
Exploit Likelihood
High