CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,414 vulnerabilities with CWE-79
CVE-2024-54232 MEDIUM
RRAddons for Elementor <1.1.0 - XSS
CVSS 6.5
CVE-2024-54230 MEDIUM
WPRealizer Unlock Addons for Elementor <1.0.0 - XSS
CVSS 6.5
CVE-2024-54228 MEDIUM
Wot Elementor Widgets <= 1.0.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-54224 MEDIUM
QuomodoSoft ElementsReady <6.4.7 - XSS
CVSS 6.5
CVE-2024-54220 HIGH
Roninwp FAT Services Booking <5.6 - XSS
CVSS 7.1
CVE-2024-54219 HIGH
AIO Contact <= 2.8.1 - Unauthenticated Stored Cross-Site Scripting
CVSS 7.1
CVE-2024-53818 MEDIUM
PostX <= 4.1.15 - Cross-Site Scripting
CVSS 6.5
CVE-2024-53791 MEDIUM
Lenxel Core for Lenxel(LNX) LMS <= 1.3.9 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-9651 MEDIUM
Fluent Forms < 5.2.1 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 6.1
CVE-2024-12359 LOW
code-projects Admin Dashboard 1.0 - Cross-Site Scripting via Username Parameter in Vendor Management
CVSS 3.5
CVE-2024-53285 MEDIUM
Synology Router Manager < 1.3.1-9346 - Authenticated Stored Cross-Site Scripting in DDNS Record Functionality
CVSS 5.9
CVE-2024-53284 MEDIUM
Synology Router Manager < 1.3.1-9346 - Authenticated Cross-Site Scripting in WiFi Connect Setting
CVSS 5.9
CVE-2024-53283 MEDIUM
Synology Router Manager < 1.3.1-9346-10 - Authenticated Cross-Site Scripting in Port Forward Functionality
CVSS 5.9
CVE-2024-53282 MEDIUM
Synology Router Manager < 1.3.1-9346 - Authenticated Cross-Site Scripting in WiFi Connect MAC Filter
CVSS 5.9
CVE-2024-53281 MEDIUM
Synology Router Manager < 1.3.1-9346 - Authenticated Cross-Site Scripting in Network WOL Functionality
CVSS 5.9
CVE-2024-53280 MEDIUM
Synology Router Manager < 1.3.1-9346 - Authenticated Cross-Site Scripting in Network Center Policy Route
CVSS 5.9
CVE-2024-53279 MEDIUM
Synology Router Manager < 1.3.1-9346 - Authenticated Cross-Site Scripting in File Station
CVSS 5.9
CVE-2024-12348 LOW
jpress 5.1.2 - Cross-Site Scripting in Attachment Upload Handler
CVSS 3.5
CVE-2024-12346 LOW
Talentera < 20241128 - Cross-Site Scripting via redirect_url Parameter
CVSS 3.5
CVE-2024-47107 MEDIUM
IBM QRadar SIEM 7.5 - Authenticated Stored Cross-Site Scripting
CVSS 6.4
CVE-2024-11464 MEDIUM
Easy Code Snippets <= 1.0.2 - Unauthenticated Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2024-11457 MEDIUM
Feedpress Generator - WordPress <1.2.1 - XSS
CVSS 6.1
CVE-2024-11380 MEDIUM
WordPress Mini Program API <1.4.5 - XSS
CVSS 6.4
CVE-2024-12128 MEDIUM
Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal...
CVSS 6.1
CVE-2024-11374 MEDIUM
TWChat <=4.0.4 - Unauthenticated Reflected XSS via remove_query_arg
CVSS 6.1
Details
Vulnerabilities 45,414
Exploit Likelihood High