CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,371 vulnerabilities with CWE-79
CVE-2024-11878 MEDIUM
Category Post Slider <= 1.4 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11806 MEDIUM
PKT1 Centro de envios plugin <1.2.1 - XSS
CVSS 6.1
CVE-2024-11784 MEDIUM
TicketSource Ticket Shop <3.0.2 - XSS
CVSS 6.4
CVE-2024-11783 MEDIUM
Financial Calculator < 2.2.1 - Authenticated Stored Cross-Site Scripting via finance_calculator Shortcode
CVSS 6.4
CVE-2024-11775 MEDIUM
Particle Background <= 1.0.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11774 MEDIUM
Outdooractive Embed <= 1.5 - Authenticated Stored Cross-Site Scripting via 'list2go' Shortcode
CVSS 6.4
CVE-2024-11411 MEDIUM
Spotlightr <= 0.1.11 - Authenticated Stored Cross-Site Scripting via spotlightr-v Shortcode
CVSS 6.4
CVE-2024-11331 MEDIUM
استخراج محصولات ووکامرس برای آیسی 2.1.3 - XSS
CVSS 6.1
CVE-2024-8968 MEDIUM
MaxButtons < 9.8.1 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.7
CVE-2024-5955 MEDIUM
Trellix ePolicy Orchestrator <5.10 SP1U3 - XSS
CVSS 5.4
CVE-2024-11108 MEDIUM
Serious Slider < 1.2.7 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 5.4
CVE-2024-10706 MEDIUM
Download Manager < 3.3.03 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-10555 MEDIUM
MaxButtons < 9.8.1 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-11776 MEDIUM
PCRecruiter Extensions <1.4.10 - XSS
CVSS 6.4
CVE-2024-52794 MEDIUM
Discourse - Cross-Site Scripting via Lightbox Thumbnail Click
CVSS 6.8
CVE-2024-12790 LOW
Hostel Management Site 1.0 - Cross-Site Scripting in room-details.php
CVSS 3.5
CVE-2024-47093 HIGH
Nagvis < 1.9.42 - Cross-Site Scripting
CVSS 8.8
CVE-2024-9101 LOW
phpLDAPadmin 1.2.1-1.2.6.7 - Reflected Cross-Site Scripting via Entry Chooser Element Parameter
CVE-2024-12783 LOW
Vehicle Management System 1.0 - Cross-Site Scripting via billaction.php Extra-Cost Parameter
CVSS 3.5
CVE-2024-37962 MEDIUM
Agency Dominion Fusion <1.6.1 - XSS
CVSS 6.5
CVE-2024-12626 CRITICAL
AutomatorWP - WordPress <5.0.9 - XSS
CVSS 9.6
CVE-2024-56115 MEDIUM
amiro.cms < 7.8.4 - Cross-Site Scripting
CVSS 6.1
CVE-2024-55239 MEDIUM
Portabilis i-educar 2.9 - Reflected Cross-Site Scripting via 'titulo_documento' Parameter
CVSS 5.4
CVE-2024-55492 MEDIUM
Winmail Server 4.4 - Cross-Site Scripting via f_user Parameter
CVSS 6.1
CVE-2024-41752 MEDIUM
IBM Cognos Analytics 11.2.0-11.2.4 and 12.0.0-12.0.3 - HTML Injection
CVSS 5.4
Details
Vulnerabilities 45,371
Exploit Likelihood High