CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,369 vulnerabilities with CWE-79
CVE-2024-56411 MEDIUM
PhpSpreadsheet <3.7.0, 2.3.5, 2.1.6, 1.29.7 - XSS
CVSS 5.4
CVE-2024-56410 MEDIUM
PhpSpreadsheet <3.7.0, 2.3.5, 2.1.6, 1.29.7 - XSS
CVSS 5.4
CVE-2024-56409 MEDIUM
PhpSpreadsheet <3.7.0, <2.3.5, <2.1.6, <1.29.7 - XSS
CVSS 5.4
CVE-2024-56366 MEDIUM
PhpSpreadsheet <3.7.0, <2.3.5, <2.1.6, <1.29.7 - XSS
CVSS 5.4
CVE-2024-56365 MEDIUM
PhpSpreadsheet <3.7.0, 2.3.5, 2.1.6, 1.29.7 - XSS
CVSS 5.4
CVE-2024-56408 MEDIUM
PhpSpreadsheet <3.7.0, 2.3.5, 2.1.6, 1.29.7 - XSS
CVSS 5.4
CVE-2024-48197 MEDIUM
Audiocodes MP-202b 4.4.3 - Cross-Site Scripting via Login Page
CVSS 4.7
CVE-2024-56199 MEDIUM
phpMyFAQ 3.2.10-4.0.2 - Stored Cross-Site Scripting in FAQ Editor
CVSS 5.2
CVE-2024-55541 MEDIUM
Acronis Cyber Protect < 16 build 39169 - Stored Cross-Site Scripting via postMessage Origin Validation Bypass
CVSS 6.1
CVE-2024-12907 MEDIUM
Kentico CMS 7 - Reflected Cross-Site Scripting via AccessDenied.aspx GET Parameter
CVE-2024-56268 MEDIUM
WP Hait Post Grid Elementor Addon <2.0.18 - XSS
CVSS 6.5
CVE-2024-56257 MEDIUM
CoolPlugins Coins MarketCap <5.5.8 - XSS
CVSS 6.5
CVE-2024-56014 HIGH
Markyis Cool Olivia <= 0.9.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-56302 MEDIUM
ConvertCalculator for WordPress <= 1.1.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-56267 HIGH
Fla-shop.com Interactive UK Map <3.4.8 - XSS
CVSS 7.1
CVE-2024-56263 MEDIUM
GS Shots for Dribbble <= 1.2.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-56262 MEDIUM
GS Coaches <= 1.1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-56261 MEDIUM
GS Plugins Project Showcase <1.1.1 - XSS
CVSS 6.5
CVE-2024-56260 MEDIUM
StorePlugin ShopElement <= 2.0.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-56259 MEDIUM
GeoDirectory <= 2.3.84 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-56258 MEDIUM
WPBlockArt Magazine Blocks <1.3.20 - XSS
CVSS 6.5
CVE-2024-56254 MEDIUM
Move Addons for Elementor <= 1.3.6 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-56252 MEDIUM
themelooks Enter Addons <= 2.1.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-56246 MEDIUM
POSIMYTH Nexter Blocks <4.0.4 - XSS
CVSS 6.5
CVE-2024-56245 MEDIUM
Leap13 Premium Blocks - Gutenberg Blocks for WordPress <2.1.42 - XSS
CVSS 6.5
Details
Vulnerabilities 45,369
Exploit Likelihood High