CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,414 vulnerabilities with CWE-79
CVE-2024-11367
MEDIUM
Elementor forms plugin <4.1.0 - XSS
CVSS 6.1
CVE-2024-11183
MEDIUM
Simple Side Tab < 2.2.0 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-12257
MEDIUM
CardGate Payments for WooCommerce <= 3.2.1 - Unauthenticated Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2024-12167
MEDIUM
Shortcodes Blocks Creator Ultimate <= 2.2.0 - Reflected Cross-Site Scripting via _wpnonce Parameter
CVSS 6.1
CVE-2024-12166
MEDIUM
Shortcodes Blocks Creator Ultimate <= 2.2.0 - Unauthenticated Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2024-12165
MEDIUM
Mollie for Contact Form 7 <5.0.0 - XSS
CVSS 6.1
CVE-2024-11943
MEDIUM
WordPress SimplePay - WooCommerce 5.2.2 - XSS
CVSS 6.1
CVE-2024-11904
MEDIUM
.codeshop socialtalk <1.2.0 - XSS
CVSS 6.4
CVE-2024-11451
MEDIUM
Zooom <= 1.1.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11436
MEDIUM
Drag & Drop Builder <= 1.4.19 - Unauthenticated Reflected XSS via Page Parameter
CVSS 6.1
CVE-2024-11329
MEDIUM
Comfino Payment Gateway <4.1.1 - XSS
CVSS 6.1
CVE-2024-10046
MEDIUM
Persian WooCommerce SMS <7.0.5 - XSS
CVSS 6.1
CVE-2024-54138
MEDIUM
NuGetGallery < 2024.12.06 - Cross-Site Scripting via Autolink Handling
CVSS 6.1
CVE-2024-7875
MEDIUM
Tungsten Automation TotalAgility <7.9.0.25.0.954 - XSS
CVE-2024-7874
MEDIUM
Tungsten Automation (Kofax) TotalAgility <7.9.0.25.0.954 - XSS
CVE-2024-12326
MEDIUM
jirafeau < 4.6.1 - Stored Cross-Site Scripting via Case-Insensitive MIME Type Bypass
CVSS 6.1
CVE-2024-48703
MEDIUM
PhpGurukul Medical Card Generation System 1.0 - Reflected Cross-Site Scripting via Search Parameter
CVSS 4.8
CVE-2024-55268
MEDIUM
PHPGurukul COVID 19 Testing Management System 1.0 - Reflected Cross-Site Scripting via regmobilenumber Parameter
CVSS 6.1
CVE-2024-50677
MEDIUM
OroPlatform CMS 5.1 - Cross-Site Scripting via Search Parameter
CVSS 6.1
CVE-2024-54213
MEDIUM
ZionBuilder <= 3.6.16 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-54212
MEDIUM
Noor alam Magical Addons For Elementor <1.2.6 - XSS
CVSS 6.5
CVE-2024-54211
MEDIUM
Visualmodo Borderless <= 1.5.8 - Cross-Site Scripting
CVSS 5.9
CVE-2024-54210
MEDIUM
CodexShaper Advanced Element Bucket Addons - XSS
CVSS 6.5
CVE-2024-54209
HIGH
WPFactory Awesome Shortcodes <1.7.2 - XSS
CVSS 7.1
CVE-2024-54208
HIGH
Joni Halabi Block Controller <1.4.2 - XSS
CVSS 7.1
Details
Vulnerabilities
45,414
Exploit Likelihood
High