CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,364 vulnerabilities with CWE-79
CVE-2024-11810 MEDIUM
PayGreen Payment Gateway plugin - XSS
CVSS 6.1
CVE-2024-11690 MEDIUM
Financial Stocks & Crypto Market Data Plugin <1.10.3 - XSS
CVSS 6.1
CVE-2024-11445 MEDIUM
Image Magnify <= 1.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11434 MEDIUM
WP - Bulk SMS - by SMS.to <1.0.12 - XSS
CVSS 6.1
CVE-2024-11383 MEDIUM
CC Canadian Mortgage Calculator <2.1.0 - XSS
CVSS 6.4
CVE-2024-11382 MEDIUM
Common Ninja WordPress Plugin <= 1.1.0 - Authenticated Stored XSS via 'commonninja' Shortcode
CVSS 6.4
CVE-2024-11378 MEDIUM
Bizapp for WooCommerce <2.0.8 - XSS
CVSS 6.1
CVE-2024-11377 MEDIUM
WordPress Automate Hub Free <1.7.0 - XSS
CVSS 6.1
CVE-2024-11375 MEDIUM
WC1C <= 0.23.0 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-11363 MEDIUM
WordPress Related Posts by Taxonomy <=1.0.16 - XSS
CVSS 6.1
CVE-2024-11338 MEDIUM
PIXNET Plugin <= 2.9.10 - Authenticated Stored Cross-Site Scripting via gtm and venue Parameters
CVSS 6.4
CVE-2024-11337 MEDIUM
Horoscope And Tarot < 1.3.0 - Authenticated Stored Cross-Site Scripting via divine_horoscope Shortcode
CVSS 6.4
CVE-2024-12592 MEDIUM
Sellsy < 2.3.3 - Authenticated Stored Cross-Site Scripting via testSellsy Shortcode
CVSS 6.4
CVE-2024-12590 MEDIUM
WP Youtube Gallery <= 1.9 - Authenticated Stored Cross-Site Scripting via ID Parameter
CVSS 6.4
CVE-2024-12528 MEDIUM
WordPress Survey & Poll Plugin <= 1.7.5 - Authenticated Stored XSS via wpsurveypoll_results Shortcode
CVSS 6.4
CVE-2024-12098 MEDIUM
ARS Affiliate Page Plugin <2.0.2 - XSS
CVSS 6.1
CVE-2024-11934 MEDIUM
Formaloo Form Maker & Customer Analytics - XSS
CVSS 6.4
CVE-2024-11899 MEDIUM
Slider Pro Lite <= 1.4.1 - Authenticated Stored Cross-Site Scripting via sliderpro Shortcode
CVSS 6.4
CVE-2024-11777 MEDIUM
Sell Media <= 2.5.8.5 - Authenticated Stored Cross-Site Scripting via Gutenberg Shortcode
CVSS 6.4
CVE-2024-55074 HIGH
grocy < 4.3.0 - Stored Cross-Site Scripting via Profile Picture Upload
CVSS 8.8
CVE-2024-46209 MEDIUM
REDAXO CMS 5.17.1 - Stored Cross-Site Scripting via Password Parameter in /media/test.html
CVSS 5.4
CVE-2024-35498 MEDIUM
Grav 1.7.45 - Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-46073 MEDIUM
IceHRM 32.4.0.OS - Reflected Cross-Site Scripting via Login Page Next Parameter
CVSS 6.1
CVE-2024-51472 LOW
IBM UrbanCode Deploy 7.2-7.2.3.13 and IBM DevOps Deploy 8.0-8.0.1.3 - HTML Injection in Web UI
CVSS 3.1
CVE-2024-51112 MEDIUM
pnetlab 5.3.11 - Open Redirect via Crafted Script
CVSS 6.1
Details
Vulnerabilities 45,364
Exploit Likelihood High