CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,371 vulnerabilities with CWE-79
CVE-2024-25042
MEDIUM
IBM Cognos Analytics 11.2.0-11.2.4 and 12.0.0-12.0.3 - Cross-Site Scripting in Cognos Explorations Column Headings
CVSS 5.4
CVE-2024-56016
HIGH
WPTooling Image Mapper <0.2.5.3 - XSS
CVSS 7.1
CVE-2024-56010
HIGH
Pierre Lannoy/PerfOps One Device Detector <4.2.0 - XSS
CVSS 7.1
CVE-2024-54350
HIGH
HJYL hmd < 2.0 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2024-51646
HIGH
Saoshyant Element <= 1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-49677
HIGH
Bootstrap Buttons <= 1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-56175
MEDIUM
Optimizely Configured Commerce < 5.2.2408 - Stored Cross-Site Scripting via List Item Name Template Injection
CVSS 6.1
CVE-2024-56174
HIGH
Optimizely Configured Commerce < 5.2.2408 - Stored XSS via Search History Template Injection
CVSS 8.1
CVE-2024-56173
MEDIUM
Optimizely Configured Commerce < 5.2.2408 - Stored Cross-Site Scripting via SVG JavaScript
CVSS 4.7
CVE-2024-12449
MEDIUM
Video Share VOD - Turnkey Video Site Builder Script <2.6.30 - XSS
CVSS 6.4
CVE-2024-11254
MEDIUM
Ampforwp Accelerated Mobile Pages < 1.1.2 - XSS
CVSS 6.1
CVE-2024-12513
MEDIUM
Contests by Rewards Fuel <= 2.0.65 - Authenticated Stored Cross-Site Scripting via RF_CONTEST Shortcode
CVSS 6.4
CVE-2024-12500
MEDIUM
Philantro - Donations and Donor Management <= 5.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11881
MEDIUM
Easy Waveform Player <= 1.2.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11748
MEDIUM
Taeggie Feed <= 0.1.9 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11439
MEDIUM
ScanCircle <= 2.9.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-55059
MEDIUM
PHPGurukul Online Birth Certificate System 1.0 - Stored Cross-Site Scripting in Certificate Form
CVSS 6.1
CVE-2024-55056
MEDIUM
Phpgurukul Online Birth Certificate System 1.0 - Stored Cross-Site Scripting via Full Name Field
CVSS 5.4
CVE-2024-11993
MEDIUM
Liferay Portal 7.4.0-7.4.3.38 and Liferay DXP 7.4 GA-Update 38 - Reflected Cross-Site Scripting via Dispatch Name Field
CVSS 6.1
CVE-2024-12395
MEDIUM
WooCommerce Additional Fees On Checkout (Free) <1.4.7 - XSS
CVSS 6.1
CVE-2024-12469
MEDIUM
WP BASE Booking <= 4.9.1 - Unauthenticated Reflected XSS via Status Parameter
CVSS 6.1
CVE-2024-12024
HIGH
EventPrime <= 4.0.7.3 - Unauthenticated Stored XSS via em_ticket_category_data & em_ticket_individual_data
CVSS 7.2
CVE-2024-55864
MEDIUM
My WP Customize Admin/Frontend <1.24.1 - XSS
CVSS 4.8
CVE-2024-12239
MEDIUM
PowerPack Lite for Beaver Builder <= 1.3.0.5 - Unauthenticated Reflected Cross-Site Scripting via Navigate Parameter
CVSS 6.1
CVE-2024-11906
MEDIUM
TPG Get Posts <= 3.6.5 - Authenticated Stored Cross-Site Scripting via tpg_get_posts Shortcode
CVSS 6.4
Details
Vulnerabilities
45,371
Exploit Likelihood
High