CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,414 vulnerabilities with CWE-79
CVE-2024-54207 MEDIUM
Owen Cutajar & Hyder Jaffari WordPress Auction Plugin <3.7 - XSS
CVSS 5.9
CVE-2024-54206 MEDIUM
URBAN BASE Z-Downloads <1.11.7 - XSS
CVSS 5.9
CVE-2024-53823 MEDIUM
The Plus Addons for Elementor Page Builder Lite <= 5.6.14 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-53821 HIGH
Genetech Pie Register Premium <3.8.3.3 - XSS
CVSS 7.1
CVE-2024-53820 MEDIUM
Captivate Sync <= 2.0.22 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-53812 HIGH
WP GeoNames <= 1.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-53802 MEDIUM
FuturioWP Futurio Extra <2.0.14 - XSS
CVSS 6.5
CVE-2024-53801 MEDIUM
BoldThemes Bold Page Builder <5.2.1 - XSS
CVSS 6.5
CVE-2024-53797 MEDIUM
Beaver Builder <= 2.8.4.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-53796 MEDIUM
Themesflat Addons For Elementor <2.2.2 - XSS
CVSS 6.5
CVE-2024-53794 MEDIUM
LOOS,Inc. Arkhe Blocks <2.27.0 - XSS
CVSS 6.5
CVE-2024-4633 MEDIUM
Slider & Popup Builder by Depicter < 3.2.1 - Authenticated Stored Cross-Site Scripting via addExtraMimeType Function
CVSS 6.4
CVE-2024-11321 MEDIUM
Hi e-learning LMS <06.12.2024 - XSS
CVSS 5.4
CVE-2024-9872 MEDIUM
WordPress vcita < 4.5.1 - Authenticated Stored XSS via vcita_save_user_data_callback
CVSS 5.4
CVE-2024-9866 MEDIUM
Event Tickets with Ticket Scanner <2.4.4 - XSS
CVSS 5.4
CVE-2024-12060 MEDIUM
WP Media Optimizer (.webp) <= 1.4.0 - Unauthenticated Reflected Cross-Site Scripting via CSS and JS Resource Parameters
CVSS 6.1
CVE-2024-11823 MEDIUM
WordPress Folder Gallery <1.7.4 - XSS
CVSS 6.1
CVE-2024-11687 MEDIUM
WordPress Next-Cart Store <3.9.2 - XSS
CVSS 6.1
CVE-2024-11450 MEDIUM
ONLYOFFICE Docs <= 2.0.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11368 MEDIUM
Splash Sync <= 2.0.7 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-11352 MEDIUM
TwentyTwenty <= 1.0.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11339 MEDIUM
Smart PopUp Blaster <= 1.4.3 - Authenticated Stored Cross-Site Scripting via 'spb-button' Shortcode
CVSS 6.4
CVE-2024-11276 MEDIUM
PDF Builder for WooCommerce <1.2.136 - XSS
CVSS 6.1
CVE-2024-11204 MEDIUM
ForumWP - Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting via URL Parameter
CVSS 6.1
CVE-2024-10879 MEDIUM
ForumWP <= 2.1.2 - Unauthenticated Reflected XSS via add_query_arg/remove_query_arg
CVSS 6.1
Details
Vulnerabilities 45,414
Exploit Likelihood High