CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,390 vulnerabilities with CWE-79
CVE-2024-11750
MEDIUM
ONLYOFFICE DocSpace < 2.1.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11723
MEDIUM
kvCORE IDX <= 2.3.35 - Unauthenticated Reflected Cross-Site Scripting via Shortcode Parameters
CVSS 6.1
CVE-2024-11459
MEDIUM
Country Blocker plugin - WordPress <3.2 - XSS
CVSS 6.1
CVE-2024-11410
MEDIUM
YooBar plugin <2.0.6 - XSS
CVSS 6.4
CVE-2024-11384
MEDIUM
Arena.IM <= 0.3.0 - Authenticated Stored XSS via arenablog Shortcode
CVSS 6.4
CVE-2024-10182
MEDIUM
Cognito Forms <= 2.0.7 - Authenticated Stored Cross-Site Scripting via ID Parameter
CVSS 6.4
CVE-2024-12461
MEDIUM
WP-Revive Adserver <= 2.2.1 - Authenticated Stored Cross-Site Scripting via wprevive_async Shortcode
CVSS 6.4
CVE-2024-12338
MEDIUM
Website Toolbox Community <2.0.1 - XSS
CVSS 6.1
CVE-2024-12260
MEDIUM
WordPress Ultimate Endpoints With Rest Api <2.2.2 - XSS
CVSS 6.1
CVE-2024-12258
MEDIUM
WP Service Payment Form With Authorize.net <2.6.3 - XSS
CVSS 6.1
CVE-2024-11914
MEDIUM
Gutenberg Blocks & Page Layouts - Attire Blocks <1.9.5 - XSS
CVSS 6.4
CVE-2024-11901
MEDIUM
PowerBI Embed Reports <= 1.1.7 - Authenticated Stored Cross-Site Scripting via MO_API_POWER_BI Shortcode
CVSS 6.4
CVE-2024-11683
MEDIUM
Newsletter Subscriptions <2.1 - XSS
CVSS 6.1
CVE-2024-11442
MEDIUM
Horizontal scroll image slideshow <= 10.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11433
MEDIUM
Surbma | SalesAutopilot Shortcode <2.0 - XSS
CVSS 6.4
CVE-2024-11427
MEDIUM
Catch Popup <= 1.4.4 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11413
MEDIUM
HostFact bestelformulier integratie <= 1.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11279
MEDIUM
Schema App Structured Data plugin - WordPress <2.2.4 - XSS
CVSS 6.1
CVE-2024-55659
MEDIUM
SiYuan < 3.1.16 - Unauthenticated Arbitrary File Write and Stored Cross-Site Scripting via Asset Upload Endpoint
CVSS 5.4
CVE-2024-53274
MEDIUM
Habitica < 5.28.5 - Reflected Cross-Site Scripting via RedirectTo Parameter
CVSS 6.1
CVE-2024-53273
MEDIUM
Habitica < 5.28.5 - Reflected Cross-Site Scripting via RedirectTo Parameter
CVSS 6.1
CVE-2024-53272
MEDIUM
Habitica < 5.28.5 - Reflected Cross-Site Scripting via RedirectTo Parameter
CVSS 6.1
CVE-2024-12536
LOW
SourceCodester Kortex Lite Advocate Office Management System 1.0 - Cross-Site Scripting via client_data.php id Parameter
CVSS 3.5
CVE-2024-12503
LOW
ClassCMS 4.8 - Cross-Site Scripting via Model Management Page URL Parameter
CVSS 2.4
CVE-2024-50339
MEDIUM
GLPI 9.5.0-10.0.16 - Unauthenticated Session ID Exposure and Hijacking
CVSS 5.3
Details
Vulnerabilities
45,390
Exploit Likelihood
High