CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,364 vulnerabilities with CWE-79
CVE-2024-56289 HIGH
Groundhogg <= 3.7.3.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-56288 MEDIUM
WP Docs <= 2.2.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-56287 MEDIUM
WP jQuery DataTable <= 4.0.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-56285 MEDIUM
WPBITS Addons For Elementor Page Builder <= 1.5.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-56274 MEDIUM
Astra Widgets <= 1.2.15 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-51700 HIGH
NAVER Analytics <= 0.9 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2024-49633 HIGH
Designinvento DirectoryPress <3.6.19 - XSS
CVSS 7.1
CVE-2024-12699 MEDIUM
Service Box <= 1.9 - Authenticated Stored Cross-Site Scripting
CVSS 6.4
CVE-2024-12516 MEDIUM
Coupon Plugin <= 1.2.1 - Authenticated Stored Cross-Site Scripting via Coupon Code Parameter
CVSS 6.4
CVE-2024-12077 MEDIUM
Booking Calendar & Pro <3.2.19-11.2.19 - XSS
CVSS 6.1
CVE-2024-11626 HIGH
Progress Sitefinity 4.0-15.2.8421 - Stored XSS in CMS Backend
CVSS 8.4
CVE-2024-9502 MEDIUM
Master Addons - Elementor Addons < 2.0.6.7 - Authenticated Stored Cross-Site Scripting in Tooltip Module
CVSS 6.4
CVE-2024-9354 MEDIUM
Estatik Mortgage Calculator <2.0.11 - XSS
CVSS 6.1
CVE-2024-12624 MEDIUM
Sina Extension for Elementor <= 3.5.91 - Authenticated Stored Cross-Site Scripting via Sina Image Differ Widget
CVSS 6.4
CVE-2024-12499 MEDIUM
WP jQuery DataTable <= 4.0.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-12495 MEDIUM
Bootstrap Blocks for WP Editor v2 <2.5.0 - XSS
CVSS 6.4
CVE-2024-12437 MEDIUM
WordPress Marketplace Items <1.5.5 - XSS
CVSS 6.4
CVE-2024-11764 MEDIUM
Solar Wizard Lite <= 1.2.4 - Authenticated Stored Cross-Site Scripting via solar_wizard Shortcode
CVSS 6.4
CVE-2024-9702 MEDIUM
Social Rocket <= 1.3.4 - Authenticated Stored XSS via socialrocket-floating Shortcode
CVSS 6.4
CVE-2024-9638 MEDIUM
Category Posts Widget < 4.9.18 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-8857 MEDIUM
WordPress Auction Plugin < 3.7 - Stored Cross-Site Scripting via Unsanitized Settings
CVSS 4.8
CVE-2024-12633 HIGH
JoomSport for Sports <= 5.6.17 - Unauthenticated Reflected XSS via Page Parameter
CVSS 7.1
CVE-2024-12464 MEDIUM
Chatroll Live Chat <= 2.5.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-12440 MEDIUM
Candifly <= 1.0.6 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-12439 MEDIUM
WordPress Marketplace Items <1.5.5 - XSS
CVSS 6.4
Details
Vulnerabilities 45,364
Exploit Likelihood High