CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,364 vulnerabilities with CWE-79
CVE-2024-11830 MEDIUM
Flipbook PDF Viewer < 2.3.52 - Authenticated Stored XSS via Outline Settings
CVSS 6.4
CVE-2024-12328 MEDIUM
MAS Elementor < 1.1.7 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-12045 MEDIUM
Essential Blocks < 5.0.9 - Authenticated Stored Cross-Site Scripting via Google Maps Block Marker Title
CVSS 4.4
CVE-2024-8002 MEDIUM
VIWIS LMS 9.11 - Cross-Site Scripting via File Upload Filename
CVSS 4.3
CVE-2024-12852 MEDIUM
Happy Addons for Elementor <= 3.15.1 - Authenticated Stored XSS via 'ha_cmc_text' Parameter
CVSS 6.4
CVE-2024-12851 MEDIUM
Element Pack Elementor Addons < 5.10.14 - Authenticated Stored XSS via Cookie Consent Widget
CVSS 6.4
CVE-2024-12585 MEDIUM
Property Hive < 2.1.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-10151 MEDIUM
Auto iFrame < 2.0 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 5.4
CVE-2024-12205 MEDIUM
Themesflat Addons For Elementor < 2.2.4 - Authenticated Stored Cross-Site Scripting via TF E Slider Widget
CVSS 6.4
CVE-2024-12521 MEDIUM
Slotti Ajanvaraus <= 1.3.1 - Authenticated Stored Cross-Site Scripting via 'slotti-embed-ga' Shortcode
CVSS 6.4
CVE-2024-12112 MEDIUM
Easy Form Builder - WordPress <3.8.8 - XSS
CVSS 6.4
CVE-2024-11916 HIGH
WP Extended <3.0.11 - Info Disclosure
CVSS 7.4
CVE-2024-55218 MEDIUM
IceWarp Server 10.2.1 - Cross-Site Scripting via Meta Parameter
CVSS 6.1
CVE-2024-50659 MEDIUM
iPublish Media Solutions AdPortal 3.0.39 - Cross-Site Scripting via shippingAsBilling Parameter
CVSS 6.1
CVE-2024-40748 HIGH
Joomla! 3.9.0 through 3.10.20 and 4.0.0 through 4.4.10 - Cross-Site Scripting
CVSS 7.5
CVE-2024-40747 MEDIUM
Joomla! 4.0.0-4.4.9 - Cross-Site Scripting in Module Chromes
CVSS 6.1
CVE-2024-56056 HIGH
SimpleCharm <= 1.4.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-12738 MEDIUM
User Profile Builder < 3.12.9 - Unauthenticated Stored Cross-Site Scripting via User Meta Parameters
CVSS 6.1
CVE-2024-11826 MEDIUM
Quill Forms < 3.10.0 - Authenticated Stored Cross-Site Scripting via quillforms-popup Shortcode
CVSS 6.4
CVE-2024-56299 HIGH
Pektsekye Notify Odoo <= 1.0.0 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2024-56298 MEDIUM
5 Star Plugins Pretty Simple Popup Builder <1.0.9 - XSS
CVSS 5.9
CVE-2024-56297 MEDIUM
Highlight <= 2.0.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-56296 HIGH
Mang Board WP <= 1.8.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-56293 MEDIUM
nasirahmed Advanced Form Integration <1.95.0 - XSS
CVSS 5.9
CVE-2024-56292 MEDIUM
wpdevelop oplugins Email Reminders <2.0.5 - XSS
CVSS 5.9
Details
Vulnerabilities 45,364
Exploit Likelihood High