CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,390 vulnerabilities with CWE-79
CVE-2024-11750 MEDIUM
ONLYOFFICE DocSpace < 2.1.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11723 MEDIUM
kvCORE IDX <= 2.3.35 - Unauthenticated Reflected Cross-Site Scripting via Shortcode Parameters
CVSS 6.1
CVE-2024-11459 MEDIUM
Country Blocker plugin - WordPress <3.2 - XSS
CVSS 6.1
CVE-2024-11410 MEDIUM
YooBar plugin <2.0.6 - XSS
CVSS 6.4
CVE-2024-11384 MEDIUM
Arena.IM <= 0.3.0 - Authenticated Stored XSS via arenablog Shortcode
CVSS 6.4
CVE-2024-10182 MEDIUM
Cognito Forms <= 2.0.7 - Authenticated Stored Cross-Site Scripting via ID Parameter
CVSS 6.4
CVE-2024-12461 MEDIUM
WP-Revive Adserver <= 2.2.1 - Authenticated Stored Cross-Site Scripting via wprevive_async Shortcode
CVSS 6.4
CVE-2024-12338 MEDIUM
Website Toolbox Community <2.0.1 - XSS
CVSS 6.1
CVE-2024-12260 MEDIUM
WordPress Ultimate Endpoints With Rest Api <2.2.2 - XSS
CVSS 6.1
CVE-2024-12258 MEDIUM
WP Service Payment Form With Authorize.net <2.6.3 - XSS
CVSS 6.1
CVE-2024-11914 MEDIUM
Gutenberg Blocks & Page Layouts - Attire Blocks <1.9.5 - XSS
CVSS 6.4
CVE-2024-11901 MEDIUM
PowerBI Embed Reports <= 1.1.7 - Authenticated Stored Cross-Site Scripting via MO_API_POWER_BI Shortcode
CVSS 6.4
CVE-2024-11683 MEDIUM
Newsletter Subscriptions <2.1 - XSS
CVSS 6.1
CVE-2024-11442 MEDIUM
Horizontal scroll image slideshow <= 10.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11433 MEDIUM
Surbma | SalesAutopilot Shortcode <2.0 - XSS
CVSS 6.4
CVE-2024-11427 MEDIUM
Catch Popup <= 1.4.4 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11413 MEDIUM
HostFact bestelformulier integratie <= 1.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11279 MEDIUM
Schema App Structured Data plugin - WordPress <2.2.4 - XSS
CVSS 6.1
CVE-2024-55659 MEDIUM
SiYuan < 3.1.16 - Unauthenticated Arbitrary File Write and Stored Cross-Site Scripting via Asset Upload Endpoint
CVSS 5.4
CVE-2024-53274 MEDIUM
Habitica < 5.28.5 - Reflected Cross-Site Scripting via RedirectTo Parameter
CVSS 6.1
CVE-2024-53273 MEDIUM
Habitica < 5.28.5 - Reflected Cross-Site Scripting via RedirectTo Parameter
CVSS 6.1
CVE-2024-53272 MEDIUM
Habitica < 5.28.5 - Reflected Cross-Site Scripting via RedirectTo Parameter
CVSS 6.1
CVE-2024-12536 LOW
SourceCodester Kortex Lite Advocate Office Management System 1.0 - Cross-Site Scripting via client_data.php id Parameter
CVSS 3.5
CVE-2024-12503 LOW
ClassCMS 4.8 - Cross-Site Scripting via Model Management Page URL Parameter
CVSS 2.4
CVE-2024-50339 MEDIUM
GLPI 9.5.0-10.0.16 - Unauthenticated Session ID Exposure and Hijacking
CVSS 5.3
Details
Vulnerabilities 45,390
Exploit Likelihood High