CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,414 vulnerabilities with CWE-79
CVE-2024-11367 MEDIUM
Elementor forms plugin <4.1.0 - XSS
CVSS 6.1
CVE-2024-11183 MEDIUM
Simple Side Tab < 2.2.0 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-12257 MEDIUM
CardGate Payments for WooCommerce <= 3.2.1 - Unauthenticated Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2024-12167 MEDIUM
Shortcodes Blocks Creator Ultimate <= 2.2.0 - Reflected Cross-Site Scripting via _wpnonce Parameter
CVSS 6.1
CVE-2024-12166 MEDIUM
Shortcodes Blocks Creator Ultimate <= 2.2.0 - Unauthenticated Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2024-12165 MEDIUM
Mollie for Contact Form 7 <5.0.0 - XSS
CVSS 6.1
CVE-2024-11943 MEDIUM
WordPress SimplePay - WooCommerce 5.2.2 - XSS
CVSS 6.1
CVE-2024-11904 MEDIUM
.codeshop socialtalk <1.2.0 - XSS
CVSS 6.4
CVE-2024-11451 MEDIUM
Zooom <= 1.1.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11436 MEDIUM
Drag & Drop Builder <= 1.4.19 - Unauthenticated Reflected XSS via Page Parameter
CVSS 6.1
CVE-2024-11329 MEDIUM
Comfino Payment Gateway <4.1.1 - XSS
CVSS 6.1
CVE-2024-10046 MEDIUM
Persian WooCommerce SMS <7.0.5 - XSS
CVSS 6.1
CVE-2024-54138 MEDIUM
NuGetGallery < 2024.12.06 - Cross-Site Scripting via Autolink Handling
CVSS 6.1
CVE-2024-7875 MEDIUM
Tungsten Automation TotalAgility <7.9.0.25.0.954 - XSS
CVE-2024-7874 MEDIUM
Tungsten Automation (Kofax) TotalAgility <7.9.0.25.0.954 - XSS
CVE-2024-12326 MEDIUM
jirafeau < 4.6.1 - Stored Cross-Site Scripting via Case-Insensitive MIME Type Bypass
CVSS 6.1
CVE-2024-48703 MEDIUM
PhpGurukul Medical Card Generation System 1.0 - Reflected Cross-Site Scripting via Search Parameter
CVSS 4.8
CVE-2024-55268 MEDIUM
PHPGurukul COVID 19 Testing Management System 1.0 - Reflected Cross-Site Scripting via regmobilenumber Parameter
CVSS 6.1
CVE-2024-50677 MEDIUM
OroPlatform CMS 5.1 - Cross-Site Scripting via Search Parameter
CVSS 6.1
CVE-2024-54213 MEDIUM
ZionBuilder <= 3.6.16 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-54212 MEDIUM
Noor alam Magical Addons For Elementor <1.2.6 - XSS
CVSS 6.5
CVE-2024-54211 MEDIUM
Visualmodo Borderless <= 1.5.8 - Cross-Site Scripting
CVSS 5.9
CVE-2024-54210 MEDIUM
CodexShaper Advanced Element Bucket Addons - XSS
CVSS 6.5
CVE-2024-54209 HIGH
WPFactory Awesome Shortcodes <1.7.2 - XSS
CVSS 7.1
CVE-2024-54208 HIGH
Joni Halabi Block Controller <1.4.2 - XSS
CVSS 7.1
Details
Vulnerabilities 45,414
Exploit Likelihood High