CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,371 vulnerabilities with CWE-79
CVE-2024-54364
HIGH
Spartac Feedpress Generator <1.2.1 - XSS
CVSS 7.1
CVE-2024-54360
MEDIUM
Gutensee <= 1.0.6 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-54358
HIGH
3D Avatar User Profile <= 1.0.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-12092
HIGH
3DEXPERIENCE ENOVIA Collaborative Industry Innovator R2024x - Stored Cross-Site Scripting
CVSS 8.7
CVE-2024-12091
HIGH
3DEXPERIENCE ENOVIA R2022x-R2024x - Stored Cross-Site Scripting
CVSS 8.7
CVE-2024-12090
HIGH
3DEXPERIENCE ENOVIA Collaborative Industry Innovator R2024x - Stored Cross-Site Scripting
CVSS 8.7
CVE-2024-12089
HIGH
3DEXPERIENCE ENOVIA R2022x-R2024x - Stored Cross-Site Scripting
CVSS 8.7
CVE-2024-12641
CRITICAL
TenderDocTransfer 0.41.151-0.41.157 - Unauthenticated Reflected Cross-Site Scripting via API
CVSS 9.6
CVE-2024-56112
MEDIUM
CyberPanel < 2024-11-11 - Cross-Site Scripting via plogical/phpmyadminsignin.php Token or Username
CVSS 6.1
CVE-2024-11841
MEDIUM
Tithe.ly Giving Button < 1.1 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 5.4
CVE-2024-56082
LOW
Lumos < 1.0.17 - Cross-Site Scripting via Raw HTML in Markdown
CVSS 3.5
CVE-2024-11720
HIGH
Frontend Admin by DynamiApps <3.24.5 - XSS
CVSS 7.2
CVE-2024-12628
MEDIUM
bodi0`s Easy cache < 0.8 - Authenticated Stored Cross-Site Scripting via Cache-Folder Parameter
CVSS 4.4
CVE-2024-12446
MEDIUM
Post to Pdf plugin - WordPress <1.0 - XSS
CVSS 6.4
CVE-2024-12501
MEDIUM
Simple Locator <= 2.0.3 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-12474
MEDIUM
GeoDataSource Country Region DropDown <1.0.1 - XSS
CVSS 6.4
CVE-2024-12459
MEDIUM
Ganohrs Toggle Shortcode <0.2.4 - XSS
CVSS 6.4
CVE-2024-12422
MEDIUM
WordPress Import Eventbrite Events <1.7.4 - XSS
CVSS 6.1
CVE-2024-11752
MEDIUM
Eveeno < 1.7 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-10646
HIGH
Fluent Forms < 5.2.6 - Unauthenticated Stored Cross-Site Scripting via Form Subject Parameter
CVSS 7.2
CVE-2024-12523
MEDIUM
States Map US <= 2.4.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-12517
MEDIUM
WooCommerce Cart Count Shortcode <1.0.4 - XSS
CVSS 6.4
CVE-2024-12502
MEDIUM
My IDX Home Search <= 2.1.1 - Authenticated Stored Cross-Site Scripting via homeasap-idx-landing Shortcode
CVSS 6.4
CVE-2024-12458
MEDIUM
Smart PopUp Blaster <= 1.4.3 - Authenticated Stored Cross-Site Scripting via 'spb-button' Shortcode
CVSS 6.4
CVE-2024-12448
MEDIUM
Posts and Products Views for WooCommerce < 2.1 - Authenticated Stored Cross-Site Scripting via papvfwc_views Shortcode
CVSS 6.4
Details
Vulnerabilities
45,371
Exploit Likelihood
High