CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,414 vulnerabilities with CWE-79
CVE-2024-10895
MEDIUM
Counter Up - WordPress <2.4.0 - XSS
CVSS 6.4
CVE-2024-10175
MEDIUM
Pricing Tables For WPBakery Page Builder <1.4 - XSS
CVSS 6.4
CVE-2024-11820
LOW
Code-projects Crud Operation System 1.0 - XSS
CVSS 3.5
CVE-2024-49053
HIGH
Microsoft Dynamics 365 Sales - Spoofing
CVSS 7.6
CVE-2024-49038
CRITICAL
Copilot Studio - Cross-Site Scripting
CVSS 9.3
CVE-2024-11742
LOW
SourceCodester Best House Rental Management System 1.0 - XSS
CVSS 3.5
CVE-2024-53620
MEDIUM
SPIP 4.3.3 - Authenticated Stored Cross-Site Scripting via Article Title Parameter
CVSS 4.8
CVE-2024-10878
MEDIUM
Sugar Calendar < 3.3.0 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg and remove_query_arg
CVSS 6.1
CVE-2024-53365
MEDIUM
PHPGURUKUL Vehicle Parking Management System 1.13 - Authenticated Stored Cross-Site Scripting in Profile Name Field
CVSS 5.4
CVE-2024-8236
MEDIUM
Elementor Website Builder <3.25.7 - XSS
CVSS 6.4
CVE-2024-11694
MEDIUM
Firefox < 133 & Thunderbird < 133 - XSS
CVSS 6.1
CVE-2024-38834
MEDIUM
VMware Aria Operations 8.0-8.18.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-38833
MEDIUM
VMware Aria Operations 8.0-8.18.1 - Stored Cross-Site Scripting via Email Template Injection
CVSS 6.8
CVE-2024-38832
HIGH
VMware Aria Operations 8.0-8.18.1 - Stored Cross-Site Scripting in View Editing
CVSS 7.1
CVE-2024-50376
HIGH
Advantech EKI-6333AC-2G/2GD/1GPO Firmware - Cross-Site Scripting via Malicious Wi-Fi SSID
CVSS 7.3
CVE-2024-10308
MEDIUM
Jeg Elementor Kit <= 2.6.9 - Authenticated Stored Cross-Site Scripting via Countdown Widget
CVSS 6.4
CVE-2024-11032
MEDIUM
Parsi Date < 5.1.1 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9170
MEDIUM
Booster for WooCommerce <= 7.2.3 - Authenticated Stored Cross-Site Scripting via wcj_product_meta Shortcode
CVSS 5.5
CVE-2024-11192
MEDIUM
Sp*tify Play Button for WordPress <= 2.11 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11119
MEDIUM
BNE Gallery Extended <= 1.2.1 - Authenticated Stored Cross-Site Scripting via Gallery Shortcode Attributes
CVSS 6.4
CVE-2024-11091
MEDIUM
WordPress Support SVG <=1.1.0 - Authenticated Stored XSS via REST API
CVSS 6.4
CVE-2024-36249
HIGH
Sharp and Toshiba Tec MFPs - Stored Cross-Site Scripting in Administrative Page
CVSS 7.4
CVE-2024-11202
MEDIUM
CM WordPress Search And Replace Plugin <1.4.2 - Unauthenticated XSS via cminds_free_guide Shortcode
CVSS 6.1
CVE-2024-10471
MEDIUM
Everest Forms < 3.0.4.2 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-53278
MEDIUM
WP Admin UI Customize <1.5.14 - XSS
CVSS 4.8
Details
Vulnerabilities
45,414
Exploit Likelihood
High