CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,390 vulnerabilities with CWE-79
CVE-2024-9608
MEDIUM
MyParcel <= 4.24.1 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-11827
MEDIUM
Out of the Block: OpenStreetMap <= 2.8.3 - Authenticated Stored Cross-Site Scripting via ootb_query Shortcode
CVSS 6.4
CVE-2024-12465
MEDIUM
Property Hive Stamp Duty Calculator <1.0.22 - XSS
CVSS 6.4
CVE-2024-12042
MEDIUM
MStore API < 4.16.4 - Authenticated Stored Cross-Site Scripting via Profile Picture Upload
CVSS 5.4
CVE-2024-11910
MEDIUM
WP Crowdfunding <= 2.1.15 - Authenticated Stored Cross-Site Scripting via Search Block
CVSS 6.4
CVE-2024-11832
MEDIUM
Beaver Builder - WordPress Page Builder <2.8.4.4 - XSS
CVSS 6.4
CVE-2024-11754
MEDIUM
Booking System Trafft <= 1.0.6 - Authenticated Stored Cross-Site Scripting via 'trafftbooking' Shortcode
CVSS 6.4
CVE-2024-12581
MEDIUM
Gutenberg Blocks with AI by Kadence WP < 3.2.54 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2024-10939
MEDIUM
Image Widget < 4.4.11 - Authenticated Stored Cross-Site Scripting in Widget Settings
CVSS 4.8
CVE-2024-10678
MEDIUM
Ultimate Blocks < 3.2.4 - Stored Cross-Site Scripting via Block Options
CVSS 5.4
CVE-2024-12574
MEDIUM
SVG Shortcode <= 1.0.1 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
CVE-2024-11809
MEDIUM
Primer MyData for Woocommerce <4.2.1 - XSS
CVSS 6.1
CVE-2024-11767
MEDIUM
NewsmanApp <= 2.7.6 - Authenticated Stored Cross-Site Scripting via newsman_subscribe_widget Shortcode
CVSS 6.4
CVE-2024-55878
MEDIUM
SimpleXLSX 1.0.12-1.1.12 - Cross-Site Scripting via toHTMLEx Method
CVSS 6.8
CVE-2024-47947
MEDIUM
Scan2Net < 7.40 - Stored Cross-Site Scripting in Edit Disclaimer Text Function
CVSS 4.7
CVE-2024-36498
MEDIUM
Scan2Net 7.40-7.42 - Authenticated Stored Cross-Site Scripting via Edit Disclaimer Text
CVSS 4.7
CVE-2024-36494
MEDIUM
Scan2Net < 7.42B - Stored Cross-Site Scripting via -tsetup+-uuser Parameter
CVSS 4.7
CVE-2024-28142
MEDIUM
Scan2Net < 7.40 - Unauthenticated Stored Cross-Site Scripting via File Name Parameter
CVSS 4.7
CVE-2024-12271
MEDIUM
360 Javascript Viewer <1.7.29 - XSS
CVSS 4.4
CVE-2024-8179
MEDIUM
GitLab 17.3-17.4.5, 17.5-17.5.3, 17.6-17.6.1 - Cross-Site Scripting when CSP Disabled
CVSS 5.4
CVE-2024-12160
MEDIUM
Seraphinite Bulk Discounts - WooCommerce <2.4.6 - XSS
CVSS 6.1
CVE-2024-11760
MEDIUM
Currency Converter Widget PRO <1.0.6 - XSS
CVSS 6.4
CVE-2024-11727
MEDIUM
NotificationX < 2.9.3 - Authenticated Stored Cross-Site Scripting via Notification Content Settings
CVSS 4.4
CVE-2024-10784
MEDIUM
Unlimited Elements For Elementor < 1.5.127 - Authenticated Stored Cross-Site Scripting via Tile Gallery Widget
CVSS 6.4
CVE-2024-10583
MEDIUM
Popup Maker < 1.20.3 - Authenticated Stored Cross-Site Scripting via Post Title Parameter
CVSS 5.4
Details
Vulnerabilities
45,390
Exploit Likelihood
High