CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,369 vulnerabilities with CWE-79
CVE-2024-56507 MEDIUM
LinkAce < 1.15.6 - Reflected Cross-Site Scripting via Edit Link URL Field
CVSS 4.6
CVE-2024-12983 LOW
Hospital Management System 1.0 - Cross-Site Scripting via Doctor Name Parameter
CVSS 2.4
CVE-2024-56527 HIGH
TCPDF < 6.8.0 - Cross-Site Scripting via Error Function
CVSS 7.5
CVE-2024-12982 LOW
PHPGurukul Blood Bank & Donor Management System 2.4 - Cross-Site Scripting via Address Parameter
CVSS 2.4
CVE-2024-11921 MEDIUM
GiveWP < 3.19.0 - Reflected Cross-Site Scripting
CVSS 4.8
CVE-2024-11645 MEDIUM
float block < 1.7 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-11644 MEDIUM
WP-SVG < 0.9 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 5.9
CVE-2024-11605 MEDIUM
wp-publications < 1.2 - Authenticated Stored Cross-Site Scripting via Filename Output
CVSS 4.8
CVE-2024-56519 HIGH
TCPDF < 6.8.0 - Cross-Site Scripting via SVG font-family Attribute
CVSS 7.5
CVE-2024-12980 MEDIUM
Job Recruitment 1.0 - Cross-Site Scripting via fname/lname Argument in fln_update Function
CVSS 4.3
CVE-2024-12979 MEDIUM
Job Recruitment 1.0 - Cross-Site Scripting via cname Argument in cn_update Function
CVSS 4.3
CVE-2024-56361 MEDIUM
LGSL < 7.0.0 - Stored Cross-Site Scripting via HTTP Crawler in lgsl_query_40
CVE-2024-56510 MEDIUM
marp-core 3.0.2-3.9.0 and 4.0.0 - Cross-Site Scripting via Improper HTML Sanitization
CVSS 5.3
CVE-2024-11223 MEDIUM
WPForms < 1.9.2.3 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.7
CVE-2024-12933 LOW
code-projects Simple Admin Panel 1.0 - Cross-Site Scripting via updateItemController.php p_name/p_desc Parameters
CVSS 3.5
CVE-2024-12932 LOW
code-projects Simple Admin Panel 1.0 - Cross-Site Scripting via addSizeController.php Size Argument
CVSS 3.5
CVE-2024-12930 LOW
code-projects Simple Admin Panel 1.0 - Cross-Site Scripting via c_name Parameter in addCatController.php
CVSS 3.5
CVE-2024-10858 MEDIUM
Jetpack < 14.1 - DOM-Based Cross-Site Scripting via PostMessage Origin Bypass
CVSS 6.1
CVE-2024-12268 MEDIUM
Responsive Blocks - WordPress Gutenberg Blocks <= 1.9.7 - Authenticated Stored Cross-Site Scripting via Portfolio Block
CVSS 6.4
CVE-2024-8721 MEDIUM
Tracking Code Manager <= 2.3.0 - Authenticated Stored Cross-Site Scripting via Tracking Code Field
CVSS 6.4
CVE-2024-12468 MEDIUM
WP Datepicker <= 2.1.4 - Unauthenticated Reflected Cross-Site Scripting via wpdp_get_selected_datepicker Parameter
CVSS 6.1
CVE-2024-11896 MEDIUM
Text Prompter - Unlimited chatgpt text prompts for openai tasks <1....
CVSS 6.4
CVE-2024-12814 MEDIUM
WordPress Loan Comparison <2.0 - XSS
CVSS 6.4
CVE-2024-12622 MEDIUM
WordPress Simple Shopping Cart <5.0.7 - XSS
CVSS 6.4
CVE-2024-12405 MEDIUM
WordPress Export Customers Data <1.2.3 - XSS
CVSS 6.1
Details
Vulnerabilities 45,369
Exploit Likelihood High