CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,390 vulnerabilities with CWE-79
CVE-2024-9608 MEDIUM
MyParcel <= 4.24.1 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-11827 MEDIUM
Out of the Block: OpenStreetMap <= 2.8.3 - Authenticated Stored Cross-Site Scripting via ootb_query Shortcode
CVSS 6.4
CVE-2024-12465 MEDIUM
Property Hive Stamp Duty Calculator <1.0.22 - XSS
CVSS 6.4
CVE-2024-12042 MEDIUM
MStore API < 4.16.4 - Authenticated Stored Cross-Site Scripting via Profile Picture Upload
CVSS 5.4
CVE-2024-11910 MEDIUM
WP Crowdfunding <= 2.1.15 - Authenticated Stored Cross-Site Scripting via Search Block
CVSS 6.4
CVE-2024-11832 MEDIUM
Beaver Builder - WordPress Page Builder <2.8.4.4 - XSS
CVSS 6.4
CVE-2024-11754 MEDIUM
Booking System Trafft <= 1.0.6 - Authenticated Stored Cross-Site Scripting via 'trafftbooking' Shortcode
CVSS 6.4
CVE-2024-12581 MEDIUM
Gutenberg Blocks with AI by Kadence WP < 3.2.54 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2024-10939 MEDIUM
Image Widget < 4.4.11 - Authenticated Stored Cross-Site Scripting in Widget Settings
CVSS 4.8
CVE-2024-10678 MEDIUM
Ultimate Blocks < 3.2.4 - Stored Cross-Site Scripting via Block Options
CVSS 5.4
CVE-2024-12574 MEDIUM
SVG Shortcode <= 1.0.1 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
CVE-2024-11809 MEDIUM
Primer MyData for Woocommerce <4.2.1 - XSS
CVSS 6.1
CVE-2024-11767 MEDIUM
NewsmanApp <= 2.7.6 - Authenticated Stored Cross-Site Scripting via newsman_subscribe_widget Shortcode
CVSS 6.4
CVE-2024-55878 MEDIUM
SimpleXLSX 1.0.12-1.1.12 - Cross-Site Scripting via toHTMLEx Method
CVSS 6.8
CVE-2024-47947 MEDIUM
Scan2Net < 7.40 - Stored Cross-Site Scripting in Edit Disclaimer Text Function
CVSS 4.7
CVE-2024-36498 MEDIUM
Scan2Net 7.40-7.42 - Authenticated Stored Cross-Site Scripting via Edit Disclaimer Text
CVSS 4.7
CVE-2024-36494 MEDIUM
Scan2Net < 7.42B - Stored Cross-Site Scripting via -tsetup+-uuser Parameter
CVSS 4.7
CVE-2024-28142 MEDIUM
Scan2Net < 7.40 - Unauthenticated Stored Cross-Site Scripting via File Name Parameter
CVSS 4.7
CVE-2024-12271 MEDIUM
360 Javascript Viewer <1.7.29 - XSS
CVSS 4.4
CVE-2024-8179 MEDIUM
GitLab 17.3-17.4.5, 17.5-17.5.3, 17.6-17.6.1 - Cross-Site Scripting when CSP Disabled
CVSS 5.4
CVE-2024-12160 MEDIUM
Seraphinite Bulk Discounts - WooCommerce <2.4.6 - XSS
CVSS 6.1
CVE-2024-11760 MEDIUM
Currency Converter Widget PRO <1.0.6 - XSS
CVSS 6.4
CVE-2024-11727 MEDIUM
NotificationX < 2.9.3 - Authenticated Stored Cross-Site Scripting via Notification Content Settings
CVSS 4.4
CVE-2024-10784 MEDIUM
Unlimited Elements For Elementor < 1.5.127 - Authenticated Stored Cross-Site Scripting via Tile Gallery Widget
CVSS 6.4
CVE-2024-10583 MEDIUM
Popup Maker < 1.20.3 - Authenticated Stored Cross-Site Scripting via Post Title Parameter
CVSS 5.4
Details
Vulnerabilities 45,390
Exploit Likelihood High