CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,414 vulnerabilities with CWE-79
CVE-2024-53767 MEDIUM
Pixobe Cartography <= 1.0.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-53766 MEDIUM
Devnex Addons For Elementor <1.0.9 - XSS
CVSS 6.5
CVE-2024-53764 MEDIUM
SoftHopper Softtemplates For Elementor <1.0.9 - XSS
CVSS 6.5
CVE-2024-53763 MEDIUM
Rejuan Ahamed Best Addons for Elementor <1.0.5 - XSS
CVSS 6.5
CVE-2024-53760 MEDIUM
Capitalize My Title <= 0.5.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-53758 MEDIUM
WP MathJax <= 1.0.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-53757 MEDIUM
SocialEvolution WP Find Your Nearest <0.3.1 - XSS
CVSS 6.5
CVE-2024-53756 MEDIUM
Aftab Husain Vertical Carousel <1.0.2 - XSS
CVSS 6.5
CVE-2024-53788 MEDIUM
Portfoliohub WordPress Portfolio Builder - Portfolio Gallery <1.1.7...
CVSS 5.9
CVE-2024-53787 MEDIUM
Random Banner <= 4.2.12 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-12001 LOW
Wazifa System 1.0 - Cross-Site Scripting via Firstname Parameter in Setting Handler
CVSS 3.5
CVE-2024-12000 LOW
code-projects Blood Bank System 1.0 - Cross-Site Scripting via Firstname Parameter in Setting Handler
CVSS 3.5
CVE-2024-11997 LOW
Farmacia 1.0 - Cross-Site Scripting via notaFiscal Parameter
CVSS 3.5
CVE-2024-11996 LOW
Farmacia 1.0 - Cross-Site Scripting via cidade Parameter in /editar-fornecedor.php
CVSS 3.5
CVE-2024-11252 MEDIUM
Sassy Social Share <= 3.3.69 - Unauthenticated Reflected XSS via heateor_mastodon_share
CVSS 6.1
CVE-2024-11995 LOW
Farmacia 1.0 - Cross-Site Scripting via Pagamento Total Parameter
CVSS 3.5
CVE-2024-53864 MEDIUM
Ibexa Admin UI Bundle <4.6.13 - XSS
CVE-2024-52809 MEDIUM
intlify/core-base 9.3.0-9.14.2 - Cross-Site Scripting in Locale Message AST Generation
CVE-2024-36624 MEDIUM
Zulip 8.3 - Cross-Site Scripting via construct_copy_div Function
CVSS 5.4
CVE-2024-36625 MEDIUM
Zulip 8.3 - Cross-Site Scripting via replace_emoji_with_text Function
CVSS 5.4
CVE-2024-11990 MEDIUM
SurgeMail 78c2 - Cross-Site Scripting via Vulnerable Parameters
CVSS 4.6
CVE-2024-39162 MEDIUM
pyspider <= 0.3.10 - Cross-Site Scripting via /update Endpoint
CVSS 6.1
CVE-2024-10980 MEDIUM
Element Pack Elementor Addons < 5.10.3 - Stored Cross-Site Scripting via Cookie Consent Block Options
CVSS 5.4
CVE-2024-10704 MEDIUM
Photo Gallery by 10Web < 1.8.31 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-54123 MEDIUM
Backdrop CMS < 1.28.4 and 1.29.x < 1.29.2 - Cross-Site Scripting via SVG Document
CVSS 6.1
Details
Vulnerabilities 45,414
Exploit Likelihood High