CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,369 vulnerabilities with CWE-79
CVE-2024-12100 MEDIUM
Bitcoin Lightning Publisher <1.4.1 - XSS
CVSS 6.1
CVE-2024-12096 MEDIUM
Exhibit to WP Gallery < 0.0.2 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-11885 MEDIUM
NinjaTeam Chat for Telegram <= 1.0 - Authenticated Stored Cross-Site Scripting via njtele_button Shortcode
CVSS 6.4
CVE-2024-12710 MEDIUM
WP-Appbox <= 4.5.3 - Unauthenticated Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2024-12518 MEDIUM
ShMapper by Teplitsa <= 1.4.18 - Authenticated Stored Cross-Site Scripting via shmMap Shortcode
CVSS 6.4
CVE-2024-12507 MEDIUM
Optio Dentistry <= 2.1 - Authenticated Stored Cross-Site Scripting via optio-lightbox Shortcode
CVSS 6.4
CVE-2024-56364 MEDIUM
SimpleXLSX 1.0.12-1.1.13 - Cross-Site Scripting via toHTMLEx Method
CVSS 5.4
CVE-2024-11230 MEDIUM
Elementor Header & Footer Builder <= 1.6.46 - Authenticated Stored Cross-Site Scripting via Size Parameter
CVSS 6.4
CVE-2024-56314 MEDIUM
REDCap <= 14.9.6 - Authenticated Stored Cross-Site Scripting in Project Name Field
CVSS 5.4
CVE-2024-56313 MEDIUM
REDCap <= 14.9.6 - Authenticated Stored Cross-Site Scripting in Calendar Notes Field
CVSS 5.4
CVE-2024-56312 MEDIUM
REDCap <= 14.9.6 - Authenticated Stored Cross-Site Scripting in Project Dashboard Name
CVSS 5.4
CVE-2024-12893 LOW
Portabilis i-educar < 2.9 - Stored Cross-Site Scripting via Tipo de Usurio Page
CVSS 2.4
CVE-2024-12892 LOW
Online Exam Mastering System 1.0 - Cross-Site Scripting via sign.php name/gender/college Parameters
CVSS 3.5
CVE-2024-12883 MEDIUM
Job Recruitment 1.0 - Cross-Site Scripting via Email Parameter in _email.php
CVSS 4.3
CVE-2024-12591 MEDIUM
MagicPost - WordPress <= 1.2.1 - Authenticated Stored Cross-Site Scripting via wb_share_social Shortcode
CVSS 6.4
CVE-2024-12408 MEDIUM
WP on AWS <= 5.2.1 - Unauthenticated Reflected Cross-Site Scripting via $_POST Data
CVSS 6.1
CVE-2024-11688 MEDIUM
LaTeX2HTML plugin - WordPress <2.5.5 - XSS
CVSS 6.1
CVE-2024-10453 MEDIUM
Elementor Website Builder < 3.25.9 - Authenticated Stored Cross-Site Scripting via Typography Settings
CVSS 6.4
CVE-2024-9545 MEDIUM
Phlox theme < 2.17.0 - Authenticated Stored XSS via aux_contact_box and aux_gmaps Shortcodes
CVSS 6.4
CVE-2024-12588 MEDIUM
Shortcodes and extra features for Phlox theme < 2.17.3 - Authenticated Stored Cross-Site Scripting via Staff Widget
CVSS 6.4
CVE-2024-11808 MEDIUM
Pingmeter Uptime Monitoring <1.0.3 - XSS
CVSS 6.1
CVE-2024-12697 MEDIUM
real.Kit <= 5.1.1 - Authenticated Stored Cross-Site Scripting
CVSS 6.4
CVE-2024-12262 MEDIUM
Ebook Store <= 5.8001 - Unauthenticated Reflected Cross-Site Scripting via Step Parameter
CVSS 6.1
CVE-2024-11975 MEDIUM
Reactflow Visitor Recording and Heatmaps - CSRF
CVSS 6.1
CVE-2024-11938 MEDIUM
One Click Upsell Funnel for WooCommerce < 3.4.9 - Authenticated Stored XSS via wps_wocuf_pro_yes Shortcode
CVSS 6.4
Details
Vulnerabilities 45,369
Exploit Likelihood High