CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,369 vulnerabilities with CWE-79
CVE-2024-12100
MEDIUM
Bitcoin Lightning Publisher <1.4.1 - XSS
CVSS 6.1
CVE-2024-12096
MEDIUM
Exhibit to WP Gallery < 0.0.2 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-11885
MEDIUM
NinjaTeam Chat for Telegram <= 1.0 - Authenticated Stored Cross-Site Scripting via njtele_button Shortcode
CVSS 6.4
CVE-2024-12710
MEDIUM
WP-Appbox <= 4.5.3 - Unauthenticated Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2024-12518
MEDIUM
ShMapper by Teplitsa <= 1.4.18 - Authenticated Stored Cross-Site Scripting via shmMap Shortcode
CVSS 6.4
CVE-2024-12507
MEDIUM
Optio Dentistry <= 2.1 - Authenticated Stored Cross-Site Scripting via optio-lightbox Shortcode
CVSS 6.4
CVE-2024-56364
MEDIUM
SimpleXLSX 1.0.12-1.1.13 - Cross-Site Scripting via toHTMLEx Method
CVSS 5.4
CVE-2024-11230
MEDIUM
Elementor Header & Footer Builder <= 1.6.46 - Authenticated Stored Cross-Site Scripting via Size Parameter
CVSS 6.4
CVE-2024-56314
MEDIUM
REDCap <= 14.9.6 - Authenticated Stored Cross-Site Scripting in Project Name Field
CVSS 5.4
CVE-2024-56313
MEDIUM
REDCap <= 14.9.6 - Authenticated Stored Cross-Site Scripting in Calendar Notes Field
CVSS 5.4
CVE-2024-56312
MEDIUM
REDCap <= 14.9.6 - Authenticated Stored Cross-Site Scripting in Project Dashboard Name
CVSS 5.4
CVE-2024-12893
LOW
Portabilis i-educar < 2.9 - Stored Cross-Site Scripting via Tipo de Usurio Page
CVSS 2.4
CVE-2024-12892
LOW
Online Exam Mastering System 1.0 - Cross-Site Scripting via sign.php name/gender/college Parameters
CVSS 3.5
CVE-2024-12883
MEDIUM
Job Recruitment 1.0 - Cross-Site Scripting via Email Parameter in _email.php
CVSS 4.3
CVE-2024-12591
MEDIUM
MagicPost - WordPress <= 1.2.1 - Authenticated Stored Cross-Site Scripting via wb_share_social Shortcode
CVSS 6.4
CVE-2024-12408
MEDIUM
WP on AWS <= 5.2.1 - Unauthenticated Reflected Cross-Site Scripting via $_POST Data
CVSS 6.1
CVE-2024-11688
MEDIUM
LaTeX2HTML plugin - WordPress <2.5.5 - XSS
CVSS 6.1
CVE-2024-10453
MEDIUM
Elementor Website Builder < 3.25.9 - Authenticated Stored Cross-Site Scripting via Typography Settings
CVSS 6.4
CVE-2024-9545
MEDIUM
Phlox theme < 2.17.0 - Authenticated Stored XSS via aux_contact_box and aux_gmaps Shortcodes
CVSS 6.4
CVE-2024-12588
MEDIUM
Shortcodes and extra features for Phlox theme < 2.17.3 - Authenticated Stored Cross-Site Scripting via Staff Widget
CVSS 6.4
CVE-2024-11808
MEDIUM
Pingmeter Uptime Monitoring <1.0.3 - XSS
CVSS 6.1
CVE-2024-12697
MEDIUM
real.Kit <= 5.1.1 - Authenticated Stored Cross-Site Scripting
CVSS 6.4
CVE-2024-12262
MEDIUM
Ebook Store <= 5.8001 - Unauthenticated Reflected Cross-Site Scripting via Step Parameter
CVSS 6.1
CVE-2024-11975
MEDIUM
Reactflow Visitor Recording and Heatmaps - CSRF
CVSS 6.1
CVE-2024-11938
MEDIUM
One Click Upsell Funnel for WooCommerce < 3.4.9 - Authenticated Stored XSS via wps_wocuf_pro_yes Shortcode
CVSS 6.4
Details
Vulnerabilities
45,369
Exploit Likelihood
High