CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,371 vulnerabilities with CWE-79
CVE-2024-25042 MEDIUM
IBM Cognos Analytics 11.2.0-11.2.4 and 12.0.0-12.0.3 - Cross-Site Scripting in Cognos Explorations Column Headings
CVSS 5.4
CVE-2024-56016 HIGH
WPTooling Image Mapper <0.2.5.3 - XSS
CVSS 7.1
CVE-2024-56010 HIGH
Pierre Lannoy/PerfOps One Device Detector <4.2.0 - XSS
CVSS 7.1
CVE-2024-54350 HIGH
HJYL hmd < 2.0 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2024-51646 HIGH
Saoshyant Element <= 1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-49677 HIGH
Bootstrap Buttons <= 1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-56175 MEDIUM
Optimizely Configured Commerce < 5.2.2408 - Stored Cross-Site Scripting via List Item Name Template Injection
CVSS 6.1
CVE-2024-56174 HIGH
Optimizely Configured Commerce < 5.2.2408 - Stored XSS via Search History Template Injection
CVSS 8.1
CVE-2024-56173 MEDIUM
Optimizely Configured Commerce < 5.2.2408 - Stored Cross-Site Scripting via SVG JavaScript
CVSS 4.7
CVE-2024-12449 MEDIUM
Video Share VOD - Turnkey Video Site Builder Script <2.6.30 - XSS
CVSS 6.4
CVE-2024-11254 MEDIUM
Ampforwp Accelerated Mobile Pages < 1.1.2 - XSS
CVSS 6.1
CVE-2024-12513 MEDIUM
Contests by Rewards Fuel <= 2.0.65 - Authenticated Stored Cross-Site Scripting via RF_CONTEST Shortcode
CVSS 6.4
CVE-2024-12500 MEDIUM
Philantro - Donations and Donor Management <= 5.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11881 MEDIUM
Easy Waveform Player <= 1.2.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11748 MEDIUM
Taeggie Feed <= 0.1.9 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11439 MEDIUM
ScanCircle <= 2.9.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-55059 MEDIUM
PHPGurukul Online Birth Certificate System 1.0 - Stored Cross-Site Scripting in Certificate Form
CVSS 6.1
CVE-2024-55056 MEDIUM
Phpgurukul Online Birth Certificate System 1.0 - Stored Cross-Site Scripting via Full Name Field
CVSS 5.4
CVE-2024-11993 MEDIUM
Liferay Portal 7.4.0-7.4.3.38 and Liferay DXP 7.4 GA-Update 38 - Reflected Cross-Site Scripting via Dispatch Name Field
CVSS 6.1
CVE-2024-12395 MEDIUM
WooCommerce Additional Fees On Checkout (Free) <1.4.7 - XSS
CVSS 6.1
CVE-2024-12469 MEDIUM
WP BASE Booking <= 4.9.1 - Unauthenticated Reflected XSS via Status Parameter
CVSS 6.1
CVE-2024-12024 HIGH
EventPrime <= 4.0.7.3 - Unauthenticated Stored XSS via em_ticket_category_data & em_ticket_individual_data
CVSS 7.2
CVE-2024-55864 MEDIUM
My WP Customize Admin/Frontend <1.24.1 - XSS
CVSS 4.8
CVE-2024-12239 MEDIUM
PowerPack Lite for Beaver Builder <= 1.3.0.5 - Unauthenticated Reflected Cross-Site Scripting via Navigate Parameter
CVSS 6.1
CVE-2024-11906 MEDIUM
TPG Get Posts <= 3.6.5 - Authenticated Stored Cross-Site Scripting via tpg_get_posts Shortcode
CVSS 6.4
Details
Vulnerabilities 45,371
Exploit Likelihood High