CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,369 vulnerabilities with CWE-79
CVE-2024-56507
MEDIUM
LinkAce < 1.15.6 - Reflected Cross-Site Scripting via Edit Link URL Field
CVSS 4.6
CVE-2024-12983
LOW
Hospital Management System 1.0 - Cross-Site Scripting via Doctor Name Parameter
CVSS 2.4
CVE-2024-56527
HIGH
TCPDF < 6.8.0 - Cross-Site Scripting via Error Function
CVSS 7.5
CVE-2024-12982
LOW
PHPGurukul Blood Bank & Donor Management System 2.4 - Cross-Site Scripting via Address Parameter
CVSS 2.4
CVE-2024-11921
MEDIUM
GiveWP < 3.19.0 - Reflected Cross-Site Scripting
CVSS 4.8
CVE-2024-11645
MEDIUM
float block < 1.7 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-11644
MEDIUM
WP-SVG < 0.9 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 5.9
CVE-2024-11605
MEDIUM
wp-publications < 1.2 - Authenticated Stored Cross-Site Scripting via Filename Output
CVSS 4.8
CVE-2024-56519
HIGH
TCPDF < 6.8.0 - Cross-Site Scripting via SVG font-family Attribute
CVSS 7.5
CVE-2024-12980
MEDIUM
Job Recruitment 1.0 - Cross-Site Scripting via fname/lname Argument in fln_update Function
CVSS 4.3
CVE-2024-12979
MEDIUM
Job Recruitment 1.0 - Cross-Site Scripting via cname Argument in cn_update Function
CVSS 4.3
CVE-2024-56361
MEDIUM
LGSL < 7.0.0 - Stored Cross-Site Scripting via HTTP Crawler in lgsl_query_40
CVE-2024-56510
MEDIUM
marp-core 3.0.2-3.9.0 and 4.0.0 - Cross-Site Scripting via Improper HTML Sanitization
CVSS 5.3
CVE-2024-11223
MEDIUM
WPForms < 1.9.2.3 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.7
CVE-2024-12933
LOW
code-projects Simple Admin Panel 1.0 - Cross-Site Scripting via updateItemController.php p_name/p_desc Parameters
CVSS 3.5
CVE-2024-12932
LOW
code-projects Simple Admin Panel 1.0 - Cross-Site Scripting via addSizeController.php Size Argument
CVSS 3.5
CVE-2024-12930
LOW
code-projects Simple Admin Panel 1.0 - Cross-Site Scripting via c_name Parameter in addCatController.php
CVSS 3.5
CVE-2024-10858
MEDIUM
Jetpack < 14.1 - DOM-Based Cross-Site Scripting via PostMessage Origin Bypass
CVSS 6.1
CVE-2024-12268
MEDIUM
Responsive Blocks - WordPress Gutenberg Blocks <= 1.9.7 - Authenticated Stored Cross-Site Scripting via Portfolio Block
CVSS 6.4
CVE-2024-8721
MEDIUM
Tracking Code Manager <= 2.3.0 - Authenticated Stored Cross-Site Scripting via Tracking Code Field
CVSS 6.4
CVE-2024-12468
MEDIUM
WP Datepicker <= 2.1.4 - Unauthenticated Reflected Cross-Site Scripting via wpdp_get_selected_datepicker Parameter
CVSS 6.1
CVE-2024-11896
MEDIUM
Text Prompter - Unlimited chatgpt text prompts for openai tasks <1....
CVSS 6.4
CVE-2024-12814
MEDIUM
WordPress Loan Comparison <2.0 - XSS
CVSS 6.4
CVE-2024-12622
MEDIUM
WordPress Simple Shopping Cart <5.0.7 - XSS
CVSS 6.4
CVE-2024-12405
MEDIUM
WordPress Export Customers Data <1.2.3 - XSS
CVSS 6.1
Details
Vulnerabilities
45,369
Exploit Likelihood
High