CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,371 vulnerabilities with CWE-79
CVE-2024-54364 HIGH
Spartac Feedpress Generator <1.2.1 - XSS
CVSS 7.1
CVE-2024-54360 MEDIUM
Gutensee <= 1.0.6 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-54358 HIGH
3D Avatar User Profile <= 1.0.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-12092 HIGH
3DEXPERIENCE ENOVIA Collaborative Industry Innovator R2024x - Stored Cross-Site Scripting
CVSS 8.7
CVE-2024-12091 HIGH
3DEXPERIENCE ENOVIA R2022x-R2024x - Stored Cross-Site Scripting
CVSS 8.7
CVE-2024-12090 HIGH
3DEXPERIENCE ENOVIA Collaborative Industry Innovator R2024x - Stored Cross-Site Scripting
CVSS 8.7
CVE-2024-12089 HIGH
3DEXPERIENCE ENOVIA R2022x-R2024x - Stored Cross-Site Scripting
CVSS 8.7
CVE-2024-12641 CRITICAL
TenderDocTransfer 0.41.151-0.41.157 - Unauthenticated Reflected Cross-Site Scripting via API
CVSS 9.6
CVE-2024-56112 MEDIUM
CyberPanel < 2024-11-11 - Cross-Site Scripting via plogical/phpmyadminsignin.php Token or Username
CVSS 6.1
CVE-2024-11841 MEDIUM
Tithe.ly Giving Button < 1.1 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 5.4
CVE-2024-56082 LOW
Lumos < 1.0.17 - Cross-Site Scripting via Raw HTML in Markdown
CVSS 3.5
CVE-2024-11720 HIGH
Frontend Admin by DynamiApps <3.24.5 - XSS
CVSS 7.2
CVE-2024-12628 MEDIUM
bodi0`s Easy cache < 0.8 - Authenticated Stored Cross-Site Scripting via Cache-Folder Parameter
CVSS 4.4
CVE-2024-12446 MEDIUM
Post to Pdf plugin - WordPress <1.0 - XSS
CVSS 6.4
CVE-2024-12501 MEDIUM
Simple Locator <= 2.0.3 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-12474 MEDIUM
GeoDataSource Country Region DropDown <1.0.1 - XSS
CVSS 6.4
CVE-2024-12459 MEDIUM
Ganohrs Toggle Shortcode <0.2.4 - XSS
CVSS 6.4
CVE-2024-12422 MEDIUM
WordPress Import Eventbrite Events <1.7.4 - XSS
CVSS 6.1
CVE-2024-11752 MEDIUM
Eveeno < 1.7 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-10646 HIGH
Fluent Forms < 5.2.6 - Unauthenticated Stored Cross-Site Scripting via Form Subject Parameter
CVSS 7.2
CVE-2024-12523 MEDIUM
States Map US <= 2.4.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-12517 MEDIUM
WooCommerce Cart Count Shortcode <1.0.4 - XSS
CVSS 6.4
CVE-2024-12502 MEDIUM
My IDX Home Search <= 2.1.1 - Authenticated Stored Cross-Site Scripting via homeasap-idx-landing Shortcode
CVSS 6.4
CVE-2024-12458 MEDIUM
Smart PopUp Blaster <= 1.4.3 - Authenticated Stored Cross-Site Scripting via 'spb-button' Shortcode
CVSS 6.4
CVE-2024-12448 MEDIUM
Posts and Products Views for WooCommerce < 2.1 - Authenticated Stored Cross-Site Scripting via papvfwc_views Shortcode
CVSS 6.4
Details
Vulnerabilities 45,371
Exploit Likelihood High