CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,414 vulnerabilities with CWE-79
CVE-2024-10895 MEDIUM
Counter Up - WordPress <2.4.0 - XSS
CVSS 6.4
CVE-2024-10175 MEDIUM
Pricing Tables For WPBakery Page Builder <1.4 - XSS
CVSS 6.4
CVE-2024-11820 LOW
Code-projects Crud Operation System 1.0 - XSS
CVSS 3.5
CVE-2024-49053 HIGH
Microsoft Dynamics 365 Sales - Spoofing
CVSS 7.6
CVE-2024-49038 CRITICAL
Copilot Studio - Cross-Site Scripting
CVSS 9.3
CVE-2024-11742 LOW
SourceCodester Best House Rental Management System 1.0 - XSS
CVSS 3.5
CVE-2024-53620 MEDIUM
SPIP 4.3.3 - Authenticated Stored Cross-Site Scripting via Article Title Parameter
CVSS 4.8
CVE-2024-10878 MEDIUM
Sugar Calendar < 3.3.0 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg and remove_query_arg
CVSS 6.1
CVE-2024-53365 MEDIUM
PHPGURUKUL Vehicle Parking Management System 1.13 - Authenticated Stored Cross-Site Scripting in Profile Name Field
CVSS 5.4
CVE-2024-8236 MEDIUM
Elementor Website Builder <3.25.7 - XSS
CVSS 6.4
CVE-2024-11694 MEDIUM
Firefox < 133 & Thunderbird < 133 - XSS
CVSS 6.1
CVE-2024-38834 MEDIUM
VMware Aria Operations 8.0-8.18.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-38833 MEDIUM
VMware Aria Operations 8.0-8.18.1 - Stored Cross-Site Scripting via Email Template Injection
CVSS 6.8
CVE-2024-38832 HIGH
VMware Aria Operations 8.0-8.18.1 - Stored Cross-Site Scripting in View Editing
CVSS 7.1
CVE-2024-50376 HIGH
Advantech EKI-6333AC-2G/2GD/1GPO Firmware - Cross-Site Scripting via Malicious Wi-Fi SSID
CVSS 7.3
CVE-2024-10308 MEDIUM
Jeg Elementor Kit <= 2.6.9 - Authenticated Stored Cross-Site Scripting via Countdown Widget
CVSS 6.4
CVE-2024-11032 MEDIUM
Parsi Date < 5.1.1 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9170 MEDIUM
Booster for WooCommerce <= 7.2.3 - Authenticated Stored Cross-Site Scripting via wcj_product_meta Shortcode
CVSS 5.5
CVE-2024-11192 MEDIUM
Sp*tify Play Button for WordPress <= 2.11 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11119 MEDIUM
BNE Gallery Extended <= 1.2.1 - Authenticated Stored Cross-Site Scripting via Gallery Shortcode Attributes
CVSS 6.4
CVE-2024-11091 MEDIUM
WordPress Support SVG <=1.1.0 - Authenticated Stored XSS via REST API
CVSS 6.4
CVE-2024-36249 HIGH
Sharp and Toshiba Tec MFPs - Stored Cross-Site Scripting in Administrative Page
CVSS 7.4
CVE-2024-11202 MEDIUM
CM WordPress Search And Replace Plugin <1.4.2 - Unauthenticated XSS via cminds_free_guide Shortcode
CVSS 6.1
CVE-2024-10471 MEDIUM
Everest Forms < 3.0.4.2 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-53278 MEDIUM
WP Admin UI Customize <1.5.14 - XSS
CVSS 4.8
Details
Vulnerabilities 45,414
Exploit Likelihood High